LXD 3.15 has been released

11th of July 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.15!

This release includes a number of major new features as well as significant internal rework of various parts of LXD.

One big highlight is the transition to the dqlite 1.0 branch which will bring us more performance and reliability, both for our cluster users and for standalone installations. This rework moves a lot of the low-level database/replication logic to dedicated C libraries and significantly reduces the amount of back and forth going on between C and Go.

On the networking front, this release features a lot of improvements, adding support for IPv4/IPv6 filtering on bridges, MAC and VLAN filtering on SR-IOV devices and much improved DHCP server management.

We're also debuting a new version of our resources API which will now provide details on network devices and storage disks on top of extending our existing CPU, memory and GPU reporting.

And that's all before looking into the many other performance improvements, smaller features and bugfixes that went into this release.

For our Windows users, this is also the first LXD release to be available through the Chocolatey package manager: choco install lxc

Enjoy!

Major improvements

Switch to dqlite 1.0

After over a year of running all LXD servers on the original implementation of our distributed sqlite database, it's finally time for LXD to switch to its 1.0 branch.

This doesn't come with any immediately noticeable improvements for the user, but reduces the number of external dependencies, CPU usage and memory usage for the database. It will also make it significantly easier for us to debug issues and better integrate with more complex database operations when running clusters.

Upon upgrading to LXD 3.15, the on-disk database format will change, getting automatically converted following an automated backup. For cluster users, the protocol used for database queries between cluster nodes is also changing, which will cause all cluster nodes to refresh at the same time so they all transition to the new database.

Reworked DHCP lease handling

In the past, LXD's handling of DHCP was pretty limited. We would write static lease entries to the configuration and then kick dnsmasq to read it. For changes and deletions of static leases, we'd need to completely restart the dnsmasq process which was rather costly.

LXD 3.15 changes that by instead having LXD itself issue DHCP requests to the dnsmasq server based on what's currently in the DHCP lease table. This can be used to manually release a lease when a container's configuration is altered or a container is deleted, all without ever needing to restart dnsmasq.

Reworked cluster heartbeat handling

In the past, the cluster leader would send a message to all cluster members on a 10s cadence, spreading those heartbeats over time. The heartbeat data itself was just the list of database nodes so that all cluster members would know where to send database queries.

Separately from that mechanism, we then had background tasks on all cluster members which would periodically look for version mismatches between members to detect pending updates and another task to detect changes in the list of members or in their IP addresses to re-configure clustered DNS.

For large clusters, those repetitive tasks ended up being rather costly and also unnecessary.

LXD 3.15 now extends this internal heartbeat to include the most recent version information from the cluster as well as the status of all cluster members, not just the database ones. This means that only the cluster leader needs to retrieve that data and all other members will now have a consistent view of everything within 10s rather than potentially several minutes (as was the case for the update check).

Better syscall interception framework

Quite a bit of work has gone into the syscall interception feature of LXD. Currently this covers mknod and mknodat for systems that run a 5.0+ kernel along with a git snapshot of both liblxc and libseccomp.

The changes involve a switch of API with liblxc ahead of the LXC 3.2 release as well as fixing handling of shiftfs backed containers and cleaning common logic to make it easier to intercept additional syscalls in the near future.

More reliable unix socket proxying

A hard to track down bug in the proxy device code was resolved which will now properly handle unix socket forwarding. This was related to end of connection detection and forwarding of the disconnection event.

Users of the proxy device for X11 and/or pulseaudio may in the past have noticed windows that won't close on exit or the sudden inability to start new software using that unix socket. This has now been resolved and so should make the life of those running graphical applications in LXD much easier.

New features

Hardware VLAN and MAC filtering on SR-IOV

The security.mac_filtering and vlan properties are now available to SR-IOV devices. This directly controls the matching SR-IOV options on the virtual function and so will completely prevent any MAC spoofing from the container or, in the case of VLANs, will perform hardware filtering at the VF level.

root@athos:~# lxc init ubuntu:18.04 c1
Creating c1
root@athos:~# lxc config device add c1 eth0 nic nictype=sriov parent=eth0 vlan=1015 security.mac_filtering=true
Device eth0 added to c1
root@athos:~# lxc start c1
root@athos:~# lxc list c1
+------+---------+------+-----------------------------------------------+------------+-----------+
| NAME |  STATE  | IPV4 |                     IPV6                      |    TYPE    | SNAPSHOTS |
+------+---------+------+-----------------------------------------------+------------+-----------+
| c1   | RUNNING |      | 2001:470:b0f8:1015:7010:a0ff:feca:e7e1 (eth0) | PERSISTENT | 0         |
+------+---------+------+-----------------------------------------------+------------+-----------+

New storage-size option for lxd-p2c

A new --storage-size option has been added which, when used together with --storage, allows specifying the desired volume size to use for the container.

root@mosaic:~# ./lxd-p2c 10.166.11.1 p2c / --storage btrfs --storage-size 10GB
Generating a temporary client certificate. This may take a minute...
Certificate fingerprint: fd200419b271f1dc2a5591b693cc5774b7f234e1ff8c6b78ad703b6888fe2b69
ok (y/n)? y
Admin password for https://10.166.11.1:8443: 
Container p2c successfully created

stgraber@castiana:~/data/code/go/src/github.com/lxc/lxd (lxc/master)$ lxc config show p2c
architecture: x86_64
config:
  volatile.apply_template: copy
  volatile.eth0.hwaddr: 00:16:3e:12:39:c8
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[]'
devices:
  root:
    path: /
    pool: btrfs
    size: 10GB
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Ceph FS storage backend for custom volumes

Ceph FS was added as a storage driver for LXD. Support is limited to custom storage volumes, though: containers will not be allowed on Ceph FS, and it's recommended to use Ceph RBD for them.

Ceph FS support includes size restrictions (quota) and native snapshot support when the server, server configuration and client kernel support those features.

This is a perfect match for users of LXD clustering with Ceph as Ceph FS will allow you to attach the same custom volume to multiple containers at the same time, even if they're located on different hosts (which isn't the case for RBD).

stgraber@castiana:~$ lxc storage create test cephfs source=persist-cephfs/castiana
Storage pool test created
stgraber@castiana:~$ lxc storage volume create test my-volume
Storage volume my-volume created
stgraber@castiana:~$ lxc storage volume attach test my-volume c1 data /data

stgraber@castiana:~$ lxc exec c1 -- df -h
Filesystem                                               Size  Used Avail Use% Mounted on
/var/lib/lxd/storage-pools/default/containers/c1/rootfs  142G  420M  141G   1% /
none                                                     492K  4.0K  488K   1% /dev
udev                                                     7.7G     0  7.7G   0% /dev/tty
tmpfs                                                    100K     0  100K   0% /dev/lxd
tmpfs                                                    100K     0  100K   0% /dev/.lxd-mounts
tmpfs                                                    7.8G     0  7.8G   0% /dev/shm
tmpfs                                                    7.8G  156K  7.8G   1% /run
tmpfs                                                    5.0M     0  5.0M   0% /run/lock
tmpfs                                                    7.8G     0  7.8G   0% /sys/fs/cgroup
[2001:470:b0f8:1015:5054:ff:fe5e:ea44]:6789:/castiana     47G     0   47G   0% /data

IPv4 and IPv6 filtering (spoof protection)

One frequently requested feature is to extend our spoofing protection beyond just MAC spoofing, doing proper IPv4 and IPv6 filtering too.

This effectively allows multiple containers to share the same underlying bridge without having concerns about root in one of those containers being able to spoof the address of another, hijacking traffic or causing connectivity issues.

To prevent a container from being able to spoof the MAC or IP of any other container, you can now set the following properties on the nic device:

  • security.mac_filtering=true
  • security.ipv4_filtering=true
  • security.ipv6_filtering=true

NOTE: Setting those will prevent any internal bridging/nesting inside that container as those rely on multiple MAC addresses being used for a single container.

stgraber@castiana:~$ lxc config device add c1 eth0 nic nictype=bridged name=eth0 parent=lxdbr0 security.mac_filtering=true security.ipv4_filtering=true security.ipv6_filtering=true
Device eth0 added to c1
stgraber@castiana:~$ lxc start c1
stgraber@castiana:~$ lxc list c1
+------+---------+----------------------+----------------------------------------------+------------+-----------+
| NAME |  STATE  |         IPV4         |                     IPV6                     |    TYPE    | SNAPSHOTS |
+------+---------+----------------------+----------------------------------------------+------------+-----------+
| c1   | RUNNING | 10.166.11.178 (eth0) | 2001:470:b368:4242:216:3eff:fefa:e5f8 (eth0) | PERSISTENT | 0         |
+------+---------+----------------------+----------------------------------------------+------------+-----------+
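
The filtering keys from this section and from the SR-IOV section above can be checked across a whole host by script. The following is an added example, not part of the original announcement or of LXD's own code: it audits the JSON printed by lxc list --format json, assuming each container object carries devices, expanded_devices and expanded_config. The sample data, the function names and the set of accepted boolean spellings are assumptions made for illustration.

```python
"""Audit LXD NIC devices for the spoof-protection keys in these release notes.

Added example, not LXD project code. Real input would come from
`lxc list --format json`; SAMPLE below is constructed.
"""
import json
import sys

# Keys each nictype is expected to carry, per the release notes:
# bridged NICs gained IPv4/IPv6 filtering, SR-IOV NICs gained MAC filtering.
REQUIRED = {
    "bridged": ("security.mac_filtering",
                "security.ipv4_filtering",
                "security.ipv6_filtering"),
    "sriov": ("security.mac_filtering",),
}

# Assumption: spellings treated as "enabled" for a boolean key.
TRUTHY = {"true", "1", "yes", "on"}


def is_true(value):
    return str(value or "").strip().lower() in TRUTHY


def audit(containers):
    """Return one finding per bridged/SR-IOV NIC lacking a required filter."""
    findings = []
    for c in containers:
        config = c.get("expanded_config") or {}
        local = c.get("devices") or {}
        # Filtering breaks nesting/bridging inside the container (see NOTE),
        # so a missing filter on a nesting container may be deliberate.
        nesting = is_true(config.get("security.nesting"))
        for dev_name, dev in sorted((c.get("expanded_devices") or {}).items()):
            if dev.get("type") != "nic":
                continue
            required = REQUIRED.get(dev.get("nictype"))
            if required is None:
                continue  # other nictypes are not covered by these keys
            missing = [k for k in required if not is_true(dev.get(k))]
            if missing:
                findings.append({
                    "container": c.get("name"),
                    "device": dev_name,
                    "nictype": dev["nictype"],
                    "parent": dev.get("parent"),
                    "missing": missing,
                    "nesting": nesting,
                    # Where the fix belongs: the container or one of its profiles.
                    "source": "container" if dev_name in local else "profile",
                })
    return findings


def unfiltered_by_parent(findings):
    """Group findings by parent interface, i.e. by shared network segment."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f["parent"], []).append(
            "%s/%s" % (f["container"], f["device"]))
    return grouped


def _nic(nictype, parent, **keys):
    dev = {"type": "nic", "nictype": nictype, "name": "eth0", "parent": parent}
    dev.update({k.replace("__", "."): v for k, v in keys.items()})
    return dev


# Constructed sample in the shape of `lxc list --format json`.
_FULL = _nic("bridged", "lxdbr0", security__mac_filtering="true",
             security__ipv4_filtering="true", security__ipv6_filtering="true")
_BARE = _nic("bridged", "lxdbr0")
_VF = _nic("sriov", "eth0", vlan="1015")
_MAC_ONLY = _nic("bridged", "lxdbr0", security__mac_filtering="true")
SAMPLE = [
    {"name": "c1", "devices": {"eth0": _FULL}, "expanded_config": {},
     "expanded_devices": {"eth0": _FULL}},
    {"name": "c2", "devices": {}, "expanded_config": {},
     "expanded_devices": {"eth0": _BARE,
                          "root": {"type": "disk", "path": "/"}}},
    {"name": "c3", "devices": {"eth0": _VF}, "expanded_config": {},
     "expanded_devices": {"eth0": _VF}},
    {"name": "c4", "devices": {"eth0": _MAC_ONLY},
     "expanded_config": {"security.nesting": "true"},
     "expanded_devices": {"eth0": _MAC_ONLY}},
]

if __name__ == "__main__":
    # Usage: lxc list --format json | python3 audit_nic_filters.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for f in audit(data):
        note = " (nesting enabled)" if f["nesting"] else ""
        print("%s/%s [%s on %s, set via %s] missing: %s%s" % (
            f["container"], f["device"], f["nictype"], f["parent"],
            f["source"], ", ".join(f["missing"]), note))
```

A finding with source "profile" means the NIC is inherited, so the keys have to be set on the profile (or the device overridden on the container) rather than on the container's own device entry.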

Reworked resources API (host hardware)

The resources API (/1.0/resources) has seen a lot of improvements as well as a re-design of the existing bits. Some of the changes include:

  • CPU
      • Improved reporting of NUMA nodes (now per-core)
      • Improved reporting of frequencies (minimum, current and turbo)
      • Added cache information reporting
      • Added full core/thread topology
      • Added ID (to use for pinning)
      • Added architecture name
  • Memory
      • Added NUMA node reporting
      • Added hugepages tracking
  • GPU
      • Added sub-section for DRM information
      • Now detecting cards which aren't bound to a DRM driver
      • Support for GPU SR-IOV reporting
  • NIC
      • Added reporting of ethernet & infiniband cards
      • Support for SR-IOV
      • Per-port link information
  • Disks
      • Added support for disk reporting
      • Bus type reporting
      • Partition list
      • Disk identifiers (vendor, WWN, ...)

The lxc info --resources command was updated to match.

NOTE: This version of the resources API isn't compatible with the previous one. The data structures had to change to properly handle more complex CPU topologies (like AMD Epyc) and couldn't be done in a properly backward compatible way. As a result, the command line client will detect the resources_v2 API and fail for servers which do not support it.

root@athos:~# lxc info --resources
CPUs (x86_64):
  Socket 0:
    Vendor: GenuineIntel
    Name: Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz
    Caches:
      - Level 1 (type: Data): 33kB
      - Level 1 (type: Instruction): 33kB
      - Level 2 (type: Unified): 262kB
      - Level 3 (type: Unified): 31MB
    Cores:
      - Core 0
        Frequency: 2814Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 0, online: true)
          - 1 (id: 24, online: true)
      - Core 1
        Frequency: 2800Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 1, online: true)
          - 1 (id: 25, online: true)
      - Core 2
        Frequency: 2652Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 2, online: true)
          - 1 (id: 26, online: true)
      - Core 3
        Frequency: 2840Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 27, online: true)
          - 1 (id: 3, online: true)
      - Core 4
        Frequency: 2613Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 28, online: true)
          - 1 (id: 4, online: true)
      - Core 5
        Frequency: 2811Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 29, online: true)
          - 1 (id: 5, online: true)
      - Core 8
        Frequency: 2710Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 30, online: true)
          - 1 (id: 6, online: true)
      - Core 9
        Frequency: 2807Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 31, online: true)
          - 1 (id: 7, online: true)
      - Core 10
        Frequency: 2805Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 32, online: true)
          - 1 (id: 8, online: true)
      - Core 11
        Frequency: 2874Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 33, online: true)
          - 1 (id: 9, online: true)
      - Core 12
        Frequency: 2936Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 10, online: true)
          - 1 (id: 34, online: true)
      - Core 13
        Frequency: 2819Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 11, online: true)
          - 1 (id: 35, online: true)
    Frequency: 2790Mhz (min: 1200Mhz, max: 3200Mhz)
  Socket 1:
    Vendor: GenuineIntel
    Name: Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz
    Caches:
      - Level 1 (type: Data): 33kB
      - Level 1 (type: Instruction): 33kB
      - Level 2 (type: Unified): 262kB
      - Level 3 (type: Unified): 31MB
    Cores:
      - Core 0
        Frequency: 1762Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 12, online: true)
          - 1 (id: 36, online: true)
      - Core 1
        Frequency: 2440Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 13, online: true)
          - 1 (id: 37, online: true)
      - Core 2
        Frequency: 1845Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 14, online: true)
          - 1 (id: 38, online: true)
      - Core 3
        Frequency: 2899Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 15, online: true)
          - 1 (id: 39, online: true)
      - Core 4
        Frequency: 2727Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 16, online: true)
          - 1 (id: 40, online: true)
      - Core 5
        Frequency: 2345Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 17, online: true)
          - 1 (id: 41, online: true)
      - Core 8
        Frequency: 1931Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 18, online: true)
          - 1 (id: 42, online: true)
      - Core 9
        Frequency: 1959Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 19, online: true)
          - 1 (id: 43, online: true)
      - Core 10
        Frequency: 2137Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 20, online: true)
          - 1 (id: 44, online: true)
      - Core 11
        Frequency: 3065Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 21, online: true)
          - 1 (id: 45, online: true)
      - Core 12
        Frequency: 2603Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 22, online: true)
          - 1 (id: 46, online: true)
      - Core 13
        Frequency: 2543Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 23, online: true)
          - 1 (id: 47, online: true)
    Frequency: 2354Mhz (min: 1200Mhz, max: 3200Mhz)

Memory:
  Hugepages:
    Free: 0B
    Used: 171.80GB
    Total: 171.80GB
  NUMA nodes:
    Node 0:
      Hugepages:
        Free: 0B
        Used: 85.90GB
        Total: 85.90GB
      Free: 119.93GB
      Used: 150.59GB
      Total: 270.52GB
    Node 1:
      Hugepages:
        Free: 0B
        Used: 85.90GB
        Total: 85.90GB
      Free: 127.28GB
      Used: 143.30GB
      Total: 270.58GB
  Free: 250.14GB
  Used: 290.96GB
  Total: 541.10GB

GPUs:
  Card 0:
    NUMA node: 0
    Vendor: Matrox Electronics Systems Ltd. (102b)
    Product: MGA G200eW WPCM450 (0532)
    PCI address: 0000:08:03.0
    Driver: mgag200 (5.0.0-20-generic)
    DRM:
      ID: 0
      Card: card0 (226:0)
      Control: controlD64 (226:0)
  Card 1:
    NUMA node: 1
    Vendor: NVIDIA Corporation (10de)
    Product: GK208B [GeForce GT 730] (1287)
    PCI address: 0000:82:00.0
    Driver: vfio-pci (0.2)
  Card 2:
    NUMA node: 1
    Vendor: NVIDIA Corporation (10de)
    Product: GK208B [GeForce GT 730] (1287)
    PCI address: 0000:83:00.0
    Driver: vfio-pci (0.2)

NICs:
  Card 0:
    NUMA node: 0
    Vendor: Intel Corporation (8086)
    Product: I350 Gigabit Network Connection (1521)
    PCI address: 0000:02:00.0
    Driver: igb (5.4.0-k)
    Ports:
      - Port 0 (ethernet)
        ID: eth0
        Address: 00:25:90:ef:ff:31
        Supported modes: 10baseT/Half, 10baseT/Full, 100baseT/Half, 100baseT/Full, 1000baseT/Full
        Supported ports: twisted pair
        Port type: twisted pair
        Transceiver type: internal
        Auto negotiation: true
        Link detected: true
        Link speed: 1000Mbit/s (full duplex)
    SR-IOV information:
      Current number of VFs: 7
      Maximum number of VFs: 7
      VFs: 7
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:10.0
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s16
            Address: 72:10:a0:ca:e7:e1
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:10.4
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s16f4
            Address: 3e:fa:1d:b2:17:5e
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:11.0
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s17
            Address: 36:33:bf:74:89:8e
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:11.4
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s17f4
            Address: 86:a4:f0:b5:2f:e1
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:12.0
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s18
            Address: 56:0a:5a:0c:e7:ff
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:12.4
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s18f4
            Address: 0a:a9:b3:21:13:8c
            Auto negotiation: false
            Link detected: false
      - NUMA node: 0
        Vendor: Intel Corporation (8086)
        Product: I350 Ethernet Controller Virtual Function (1520)
        PCI address: 0000:02:13.0
        Driver: igbvf (2.4.0-k)
        Ports:
          - Port 0 (ethernet)
            ID: enp2s19
            Address: ae:1a:db:06:8a:51
            Auto negotiation: false
            Link detected: false
  Card 1:
    NUMA node: 0
    Vendor: Intel Corporation (8086)
    Product: I350 Gigabit Network Connection (1521)
    PCI address: 0000:02:00.1
    Driver: igb (5.4.0-k)
    Ports:
      - Port 0 (ethernet)
        ID: eth1
        Address: 00:25:90:ef:ff:31
        Supported modes: 10baseT/Half, 10baseT/Full, 100baseT/Half, 100baseT/Full, 1000baseT/Full
        Supported ports: twisted pair
        Port type: twisted pair
        Transceiver type: internal
        Auto negotiation: true
        Link detected: true
        Link speed: 1000Mbit/s (full duplex)
    SR-IOV information:
      Current number of VFs: 0
      Maximum number of VFs: 7

Disks:
  Disk 0:
    NUMA node: 0
    ID: nvme0n1
    Device: 259:0
    Model: INTEL SSDPEKNW020T8
    Type: nvme
    Size: 2.05TB
    WWN: eui.0000000001000000e4d25c8b7c705001
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: nvme0n1p1
        Device: 259:1
        Read-Only: false
        Size: 52.43MB
      - Partition 2
        ID: nvme0n1p2
        Device: 259:2
        Read-Only: false
        Size: 26.84GB
      - Partition 3
        ID: nvme0n1p3
        Device: 259:3
        Read-Only: false
        Size: 8.59GB
      - Partition 4
        ID: nvme0n1p4
        Device: 259:4
        Read-Only: false
        Size: 53.69GB
      - Partition 5
        ID: nvme0n1p5
        Device: 259:5
        Read-Only: false
        Size: 1.96TB
  Disk 1:
    NUMA node: 0
    ID: nvme1n1
    Device: 259:6
    Model: INTEL SSDPEKNW020T8
    Type: nvme
    Size: 2.05TB
    WWN: eui.0000000001000000e4d25cca7c705001
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: nvme1n1p1
        Device: 259:7
        Read-Only: false
        Size: 52.43MB
      - Partition 2
        ID: nvme1n1p2
        Device: 259:8
        Read-Only: false
        Size: 26.84GB
      - Partition 3
        ID: nvme1n1p3
        Device: 259:9
        Read-Only: false
        Size: 8.59GB
      - Partition 4
        ID: nvme1n1p4
        Device: 259:10
        Read-Only: false
        Size: 53.69GB
      - Partition 5
        ID: nvme1n1p5
        Device: 259:11
        Read-Only: false
        Size: 1.96TB
  Disk 2:
    NUMA node: 0
    ID: sda
    Device: 8:0
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sda1
        Device: 8:1
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sda9
        Device: 8:9
        Read-Only: false
        Size: 8.39MB
  Disk 3:
    NUMA node: 0
    ID: sdb
    Device: 8:16
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdb1
        Device: 8:17
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdb9
        Device: 8:25
        Read-Only: false
        Size: 8.39MB
  Disk 4:
    NUMA node: 0
    ID: sdc
    Device: 8:32
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdc1
        Device: 8:33
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdc9
        Device: 8:41
        Read-Only: false
        Size: 8.39MB
  Disk 5:
    NUMA node: 0
    ID: sdd
    Device: 8:48
    Model: WDC WD60EFRX-68L
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdd1
        Device: 8:49
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdd9
        Device: 8:57
        Read-Only: false
        Size: 8.39MB
  Disk 6:
    NUMA node: 0
    ID: sde
    Device: 8:64
    Model: CT1000MX500SSD1
    Type: scsi
    Size: 1.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sde1
        Device: 8:65
        Read-Only: false
        Size: 52.43MB
      - Partition 2
        ID: sde2
        Device: 8:66
        Read-Only: false
        Size: 1.07GB
      - Partition 3
        ID: sde3
        Device: 8:67
        Read-Only: false
        Size: 17.18GB
      - Partition 4
        ID: sde4
        Device: 8:68
        Read-Only: false
        Size: 4.29GB
      - Partition 5
        ID: sde5
        Device: 8:69
        Read-Only: false
        Size: 977.60GB
  Disk 7:
    NUMA node: 0
    ID: sdf
    Device: 8:80
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdf1
        Device: 8:81
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdf9
        Device: 8:89
        Read-Only: false
        Size: 8.39MB
  Disk 8:
    NUMA node: 0
    ID: sdg
    Device: 8:96
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdg1
        Device: 8:97
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdg9
        Device: 8:105
        Read-Only: false
        Size: 8.39MB
  Disk 9:
    NUMA node: 0
    ID: sdh
    Device: 8:112
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdh1
        Device: 8:113
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdh9
        Device: 8:121
        Read-Only: false
        Size: 8.39MB
  Disk 10:
    NUMA node: 0
    ID: sdi
    Device: 8:128
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdi1
        Device: 8:129
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdi9
        Device: 8:137
        Read-Only: false
        Size: 8.39MB

Control over uid, gid and cwd during command execution

It is now possible to specify what user id (uid), group id (gid) or current working directory (cwd) to use for a particular command. Note that user names and group names aren't supported.

stgraber@castiana:~$ lxc exec c1 --user 1000 --group 1000 --cwd /tmp -- bash
ubuntu@c1:/tmp$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu)
ubuntu@c1:/tmp$

Quota support for custom storage volumes on dir backend

When using a storage pool backed by the dir driver and with a source path that supports filesystem project quotas, it is now possible to set disk usage limits on custom volumes.

stgraber@castiana:~$ sudo truncate -s 100G test.img
stgraber@castiana:~$ sudo mkfs.ext4 test.img
mke2fs 1.45.2 (27-May-2019)
Discarding device blocks: done                            
Creating filesystem with 26214400 4k blocks and 6553600 inodes
Filesystem UUID: 50ee78cb-e4e3-4e09-b38b-3fb06c6740a4
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
    4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done   
stgraber@castiana:~$ sudo tune2fs -O project -Q prjquota test.img
tune2fs 1.45.2 (27-May-2019)
stgraber@castiana:~$ sudo mkdir /mnt/test
stgraber@castiana:~$ sudo mount -o prjquota test.img /mnt/test
stgraber@castiana:~$ sudo rmdir /mnt/test/lost+found

stgraber@castiana:~$ lxc storage create dir dir source=/mnt/test
Storage pool dir created
stgraber@castiana:~$ lxc storage volume create dir blah
Storage volume blah created
stgraber@castiana:~$ lxc storage volume attach dir blah c1 blah /blah

stgraber@castiana:~$ lxc exec c1 -- df -h /blah
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop32      98G   61M   93G   1% /blah
stgraber@castiana:~$ lxc storage volume set dir blah size 10GB
stgraber@castiana:~$ lxc exec c1 -- df -h /blah
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop32     9.4G  4.0K  9.4G   1% /blah

Bugs fixed

  • client: Move to units package
  • doc: Fix underscore escaping
  • doc/devlxd: Fix path to host's communication socket
  • doc/README: Add basic install instructions
  • doc/README: Update linker flags
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Fix renaming storage volume snapshots
  • lxc: Move to units package
  • lxc/copy: Always strip volatile.last_state.power
  • lxc/export: Expire the backup after 24 hours
  • lxd: Better handle bad commands
  • lxd: Fix renaming volume snapshots
  • lxd: Move to units package
  • lxd: Use RunCommandSplit when needed
  • lxd/api: Update handler funcs to take nodeRefreshFunc
  • lxd/cluster: Always return node list on rebalance
  • lxd/cluster: Better handle DB node removal
  • lxd/cluster: Export some heartbeat code
  • lxd/cluster: Perform heartbeats only on the leader
  • lxd/cluster: Update HandlerFuncs calls in tests
  • lxd/cluster: Update heartbeat test to pass last leader heartbeat time
  • lxd/cluster: Update tests not to use KeepUpdated in tests
  • lxd/cluster: Use correct node id on promote
  • lxd/cluster/gateway: Update to receive new heartbeat format
  • lxd/cluster/heartbeat: Add new heartbeat request format
  • lxd/cluster/heartbeat: Compare both ID and Address
  • lxd/cluster/heartbeat: Fix bug when nodes join during heartbeat
  • lxd/cluster/heartbeat: Remove unneeded go routine (as context does cancel)
  • lxd/cluster/heartbeat: Use current timestamp for DB record
  • lxd/cluster/membership: Update Join to send new heartbeat format
  • lxd/cluster/upgrade: Remove KeepUpdated and use MayUpdate directly
  • lxd/cluster/upgrade: Remove unused context
  • lxd/cluster/upgrade: Remove unused context from test
  • lxd/containers: Add allocateNetworkFilterIPs
  • lxd/containers: Add error checking for calls to networkClearLease
  • lxd/containers: Add SR-IOV parent restoration
  • lxd/containers: Better detect and alert on missing br_netfilter module
  • lxd/containers: Combine state updates
  • lxd/containers: Consistent comment endings
  • lxd/containers: Disable auto mac generation for sriov devices
  • lxd/containers: Ensure dnsmasq config refresh if bridge nic added/removed
  • lxd/containers: Ensure that sriov devices use volatile host_name for removal
  • lxd/containers: Fix return value of detachInterfaceRename
  • lxd/containers: Fix showing host_name of veth pair in lxc info
  • lxd/containers: Fix snapshot restore on ephemeral
  • lxd/containers: Fix template handling
  • lxd/containers: generateNetworkFilterEbtablesRules to accept IP info as args
  • lxd/containers: generateNetworkFilterIptablesRules to accept IP info as args
  • lxd/containers: Improve comment on DHCP host config removal
  • lxd/containers: Made detection of veth nic explicit
  • lxd/containers: Move all nic hot plug functionality into separate functions
  • lxd/containers: Move container taring logic into standalone class
  • lxd/containers: Move network filter setup into setupHostVethDevice
  • lxd/containers: Move stop time nic device detach into cleanupNetworkDevices
  • lxd/containers: Remove containerNetworkKeys as unused
  • lxd/containers: Remove ineffective references to containerNetworkKeys
  • lxd/containers: Remove the need for fixed veth peer when doing mac_filtering
  • lxd/containers: Remove unused arg from setNetworkRoutes
  • lxd/containers: Separate cleanupHostVethDevices into cleanupHostVethDevice
  • lxd/containers: Speed up startCommon a bit
  • lxd/containers: Update removeNetworkFilters to use dnsmasq config
  • lxd/containers: Update setNetworkFilters to allocate IPs if needed
  • lxd/containers: Update setupHostVethDevice to wipe old DHCPv6 leases
  • lxd/containers: Use current binary for early hooks
  • lxd/daemon: Update daemon to support node refresh tasks from heartbeat
  • lxd/db: Add Gateway.isLeader() function
  • lxd/db: Better formatting
  • lxd/db: Bootstrap dqlite for new servers
  • lxd/db: Check dqlite version of connecting nodes
  • lxd/db: Check TLS cert in raft connection handler
  • lxd/db: Conditionally check leadership in dqlite dial function
  • lxd/db: Convert tests to the new go-dqlite API
  • lxd/db: Copy network data between TLS Go conn and Unix socket
  • lxd/db: Custom dqlite dial function
  • lxd/db: Don't use the db in legacy patch 12
  • lxd/db: Drop dependencies on hashicorp/raft
  • lxd/db: Drop hashicorp/raft setup code
  • lxd/db: Drop the legacy /internal/raft endpoint
  • lxd/db: Drop unused hashicorp/raft network transport wrapper
  • lxd/db: Fix comment
  • lxd/db: Fix import
  • lxd/db: Fix lint
  • lxd/db: Get information about current servers from dqlite
  • lxd/db: Ignore missing WAL files when reproducing snapshots
  • lxd/db: Improve gateway standalone test
  • lxd/db: Instantiate dqlite
  • lxd/db: Move container list from containersShutdown into containersOnDisk
  • lxd/db: No need to shutdown hashicorp/raft instance
  • lxd/db: Only use the schema db transaction in legacy patches
  • lxd/db: Perform data migration to dqlite 1.0 format
  • lxd/db: Retry copy-related errors
  • lxd/db: Return HTTP code 426 (Upgrade Required) if peer has old version
  • lxd/db: Set max open conns before running schema upgrades
  • lxd/db: Translate address of first node
  • lxd/db: Turn patchShrinkLogsDBFile into a no-op
  • lxd/db: Update comment
  • lxd/db: Update docstring
  • lxd/db: Update unit tests
  • lxd/db: Use dqlite leave primitive
  • lxd/db: Use dqlite's join primitive
  • lxd/db: Use ID instead of address to detect initial node
  • lxd/db: Wire isLeader()
  • lxd/instance_types: Improve errors
  • lxd/main: Fix debug mode flag to actually enable debug mode
  • lxd/main: Fix test runner by allowing empty command arg
  • lxd/main_callhook: Don't call /1.0
  • lxd/main_checkfeature: Remove unused variable
  • lxd/main_forkmknod: Check for MS_NODEV
  • lxd/main_forkmknod: Correctly handle shiftfs
  • lxd/main_forkmknod: Ensure correct device ownership
  • lxd/main_forkmknod: Remove unused variables
  • lxd/main_forkmknod: Simplify
  • lxd/main_forknet: Clean up forknet detach error logging and output
  • lxd/networks: Add DHCP range functions
  • lxd/networks: Add --dhcp-rapid-commit when dnsmasq version > 2.79
  • lxd/networks: Add IP allocation functions
  • lxd/networks: Add networkDeviceBindWait function
  • lxd/networks: Add networkDHCPv4Release function
  • lxd/networks: Add networkDHCPv6Release function and associated packet helper
  • lxd/networks: Add networkGetVirtFuncInfo function
  • lxd/networks: Add networkUpdateStaticContainer
  • lxd/networks: Add SR-IOV related PCI bind/unbind helper functions
  • lxd/networks: Allow querying state on non-managed
  • lxd/networks: Call networkUpdateForkdnsServersTask from node refresh
  • lxd/networks: Cleaned up the device bind/unbind functions for SR-IOV
  • lxd/networks: Fix bug preventing 3rd party routes restoration on startup
  • lxd/networks: Remove unused context
  • lxd/networks: Remove unused state.State from networkClearLease()
  • lxd/networks: Start dnsmasq with --no-ping option to avoid delayed writes
  • lxd/networks: Update networkClearLease to support a mode flag
  • lxd/networks: Update networkClearLease to use DHCP release helpers
  • lxd/networks: Update networkUpdateStatic to use existing config for filters
  • lxd/networks: Update networkUpdateStatic to use networkUpdateStaticContainer
  • lxd/networks: Update refreshForkdnsServerAddresses to run from node refresh
  • lxd/patches: Handle btrfs snapshots properly
  • lxd/proxy: Fix error handling for unix
  • lxd/rsync: Allow disabling xattrs during copy
  • lxd/rsync: Don't double-specify --xattrs
  • lxd/seccomp: Add insertMount() helpers
  • lxd/seccomp: Cause a default message to be sent
  • lxd/seccomp: Check permissions before handling mknod via device injection
  • lxd/seccomp: Cleanup + simplify
  • lxd/seccomp: Define __NR_mknod if missing
  • lxd/seccomp: Ensure correct owner on __NR_mknod{at}
  • lxd/seccomp: Fix error reporting
  • lxd/seccomp: Handle compat arch syscalls
  • lxd/seccomp: Handle new liblxc seccomp notify updates
  • lxd/seccomp: Retry with mount hotplug
  • lxd/seccomp: Rework missing syscall number definitions
  • lxd/seccomp: Simplify and make more secure
  • lxd/storage: Fix copies of volumes with snapshots
  • lxd/storage/ceph: Fix snapshot deletion cleanup
  • lxd/storage/dir: Allow size limits on dir volumes
  • lxd/storage/dir: Fix quotas on dir
  • lxd/storage/dir: Fix some deletion cases
  • lxd/storage/lvm: Adds space used reporting for LVM thinpools
  • lxd/task/group: Improve locking of Start/Add/Stop functions to avoid races
  • Makefile: Update make deps to build also libco and raft
  • shared: Add volatile key suffixes for SR-IOV
  • shared: Better handle stdout/stderr in RunCommand
  • shared: Move to units package
  • shared/netutils: Add lxc_abstract_unix_recv_fds_iov()
  • shared/netutils: Fix bug with getting container PID
  • shared/termios: Fix port to sys/unix
  • shared/units: Move unit functions
  • tests: Add check for dnsmasq host config file removal on container delete
  • tests: Add DHCP lease release tests
  • tests: Add p2p test for adding new nic rather than updating existing
  • tests: Add SR-IOV tests
  • tests: Add test for dnsmasq host config update when nic added/removed
  • tests: Add tests for security.mac_filtering functionality
  • tests: Always pass --force to stop/restart
  • tests: Don't leak remotes in tests
  • tests: Fix bad call to spawn_lxd
  • tests: Fix typo in test/suites/clustering.sh
  • tests: Increase nic bridge ping sleep time to 2s
  • tests: Make new shellcheck happy
  • tests: Make shellcheck happy
  • tests: Optimize ceph storage test
  • tests: Properly scope LXD_NETNS
  • tests: Remove un-needed LXD_DIR
  • tests: Re-order tests a bit
  • tests: Scope cluster LXD variables
  • tests: Test renaming storage volume snapshots
  • tests: Update godeps
  • tests: Update nic bridge tests to check for route restoration
  • various: Removes use of golang.org/x/net/context in place of stdlib context
  • vendor: Drop vendor directory

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

  • Linux: snap install lxd
  • MacOS: brew install lxc
  • Windows: choco install lxc

LXD 3.0.4 has been released

21st of June 2019

Introduction

The LXD team is pleased to announce the release of LXD 3.0.4!

As a stable bugfix release, it contains no major changes and instead focuses on bugfixes and minor usability improvements.

Highlights

Migration feature negotiation

Rsync and ZFS options are now being negotiated as part of migration, avoiding container migration issues when moving between different LXD versions or different host OS versions.

Additional progress reporting

Some commands like lxc launch and lxc publish will now report additional progress information in some situations.

Bugfixes

  • fix newline error in ja.po
  • test: Support AppArmor policy cache directory
  • lxd: Fix AppArmor cache policy version check
  • lxd/storage: user_subvol_rm_allowed for btrfs
  • lxd/containers: Improve hwaddr retry logic
  • lxd/storage/zfs: Detect tool version on Ubuntu
  • lxd/db: Fix unit test not actually checking error
  • lxd/db: Fix typo in existing docstring
  • lxd/migration: Bi-directional rsync negotiation
  • lxd/migration: Negotiate ZFS compression
  • lxd/migration: Simplify MigrationSource
  • lxd/migration: Simplify StorageMigrationSink
  • lxd/migration: Simplify MigrationSink
  • tests: Always pass -w to iptables
  • lxd/migration: Cleanup feature negotiation
  • shared: Fix import order
  • lxd/init: Fix typo
  • shared/termios: Add shim for non-cgo builds
  • lxd/storage/lvm: Run pvremove on VG deletion
  • tests: Bump size to 120MB for btrfs
  • shared/idmap: Workaround Go tip change
  • client: convert EventListener to use api.Event
  • client: Fix crash on missing ProgressTracker
  • shared: Fix windows cert handling
  • lxd/proxy: Improve shutdown code
  • lxd/migration: Re-spawn proxy devices
  • lxd/migration: Fix shutdown race
  • lxd/db: Make ContainerSetState use single query
  • tests: Improve live-migration tests
  • lxd/storage_zfs_utils: Add zfsPoolVolumeExists
  • lxd/cluster: Tweak error messages
  • Updated documentation of /cluster/members/ to have correct keys
  • lxd/init: Checks if a zfs storage pool or dataset exists
  • README: Update doc links
  • shared/util: Export DownloadFileHash
  • client: Use exported DownloadFileHash
  • tests: Add env variable to skip static analysis
  • tests: Remove sleep in console test
  • tests: Reduce delays in devlxd test
  • tests: Speed up basic tests
  • tests: Reduce sleep in network test
  • tests: Reduce teardown delays
  • tests: Drop startup sleep for cluster
  • lxc/monitor: Fix rendering
  • shared: Read certificates from host
  • lxd/cluster: Fix schema upgrades
  • image-handling.md: 'release' should be a string and not a list
  • doc: Cleanup security.md
  • lxd/containers: Adapt to go-lxc Release
  • lxc: Fix image list help
  • client: Properly reset listener on error
  • shared/osarch: Add armhfp (centos)
  • doc: Document btrfs resize
  • lxd/containers: Fix lxc.mount.entry for musl
  • client: Strip trailing slashes in URLs
  • lxd/apparmor: Tweak default set of rules
  • *: Rename {Creation,LastUsed}Date to {Created,LastUsed}At
  • tests: Tweak fdleak test
  • lxd: Add internal command to trigger GC
  • shared: Properly handle uncompressed tarballs
  • lxd/containers: Always delete container on create error
  • lxd/containers: Fix disk limits at creation
  • tests: Fix negative tests in basic.sh
  • tests: Fix negative tests in config.sh
  • tests: Fix negative tests in database_update.sh
  • tests: Fix negative tests in devlxd.sh
  • tests: Fix negative tests in external_auth.sh
  • tests: Fix negative tests in idmap.sh
  • tests: Fix negative tests in pki.sh
  • tests: Fix negative tests in remote.sh
  • tests: Fix negative tests in serverconfig.sh
  • tests: Fix negative tests in sql.sh
  • tests: Fix negative tests in storage.sh
  • tests: Fix negative tests in storage_driver_ceph.sh
  • tests: Fix negative tests in storage_local_volume_handling.sh
  • tests: Fix negative tests in storage_profiles.sh
  • tests: Fix negative tests in storage_volume_attach.sh
  • tests: Fix negative tests in template.sh
  • tests: Fix bad test in external_auth
  • tests: Fix bad test in sql
  • tests: Fix bad test in storage
  • tests: Fix volume list in cluster
  • lxd/storage: Fix validation of CEPH config
  • tests: Fix container leak
  • lxd/storage/ceph: Unmap volume after creation
  • lxd/storage/ceph: Create custom mountpoints if missing
  • lxd/containers: Call storage unmount on detach
  • lxd/storage/ceph: Unmap on unmount
  • lxd/migration: Fix race in abort
  • lxd/migration: Handle crashing rsync
  • lxd/migration: Fix sender side errors handling
  • lxd/storage: Fix broken error handling
  • lxd: finish converting events to api.Event
  • lxd/storage: Freeze containers during rsync
  • tests: Reduce sleeps in proxy tests
  • tests: Reduce clustering delays
  • i18n: Fix duplicate language
  • doc: Clarify measurement units
  • lxd: Send metadata in CreateImage error response
  • lxd: Fix possible segfaults in tasks
  • lxd: Send metadata in CreateImage error importing image
  • lxd/images: change compressFile to take io.Reader and io.Writer
  • lxd/images: calculate sha256 as image is written
  • shared.Unpack: Add support for a ProgressTracker during unpack
  • storage: Add ioprogress.ProgressTracker field to storage
  • lxd: Send progress info for export and import operations
  • shared: Progress metadata as a map
  • tests: Fix negative tests in clustering.sh
  • tests: Fix negative tests in migration.sh
  • tests: Fix negative tests in security.sh
  • tests: Fix bad test in clustering
  • images: Tar and compress in a combined stream when packing an image
  • i18n: Update translation templates
  • tests: Fix bad test in security
  • lxd/cluster: Fix config test
  • shared/osarch: Add gentoo armhf variant
  • fix variable in range
  • lxd/db: Fix tests for current go-sqlite3
  • lxd/storage: Drop unused function
  • lxd/network: Rework IP validation functions
  • lxd/containers: Validate ipv4/ipv6 address
  • lxd/network: Reword sysctl network functions
  • lxd/containers: Skip interface removal if missing
  • client: Add UpdateContainerSnapshot
  • client: Support overriding pool when importing backups
  • shared/api: Support updating container snapshots
  • lxd/containers: Update for ContainerSnapshot
  • client: fix goroutine leak in ExecContainer
  • shared/osarch: Add ArchLinux name for armv7
  • lxd: remove /proc/self/cmdline parsing
  • Revert "lxd: remove /proc/self/cmdline parsing"
  • nsexec: make cmdline parsing more reliable
  • lxd/storage/lvm: Call wipesignatures
  • config: Keep candid domains and cookies per-remote
  • lxc: Update for per-remote candid domain/cookies
  • tests: Update godeps
  • lxd/containers: Set liblxc env for CVE-2019-5736
  • lxd/storage/ceph: Rework df handling
  • lxc/remote: Tweak remote list
  • shared: Tweak progress metadata
  • lxd: Set correct progress data for backup/publish
  • lxc/publish: Add progress reporting
  • shared/api: Add snapshot expiry configuration on create
  • client: Add snapshot expiry configuration on create
  • i18n: Update translation templates
  • lxc/publish: Fix bad cherry-pick
  • lxd: copy C smarts from LXC into lxd/include/
  • nsexec: cleanup macros do_setns
  • nsexec: cleanup macros in_same_namespace
  • nsexec: cleanup macros attach_userns
  • nsexec: cleanup macros file_to_buf
  • devlxd_gccgo: initialize to 0
  • network: include macro.h
  • checkfeature: cleanup macros netns_set_nsid
  • forkfile: cleanup macros manip_file_in_ns
  • storage_cgo: include macro.h
  • storage_cgo: cleanup macros find_associated_[...]
  • storage_cgo: cleanup macros get_un[...]_legacy
  • storage_cgo: cleanup macros get_unused_loop_dev
  • storage_cgo: cleanup macros prepare_loop_dev
  • shift_linux: cleanup macros shiftowner
  • util_linux_cgo: cleanup macros lxc_abstract_[...]
  • Revert "client: fix goroutine leak in ExecContainer"
  • util_linux_cgo: restore old behavior
  • lxc/exec: Cleanup terminal logic
  • client: Empty stdin channel on exec completion
  • lxc/list: Fix multiple filters
  • lxd/main_nsexec: Fix type of length in file_to_buf
  • Use capital case in error messages returned by db.NodeInfo.IsEmpty()
  • db.NodeInfo.IsEmpty(): a node with custom volumes is not empty
  • Add integration test checking that nodes with custom volumes can't be removed
  • Prompt for confirmation when using --delete to remove a server
  • lxc/monitor: Don't directly use Exit
  • lxc/console: Remove unused code
  • lxc: Improve error handling in execIfAliases
  • lxc/exec: Don't use Exit
  • lxc/remote: Use candid if supported
  • Add first stab at FAQ
  • doc: Fix typos in faq.md
  • lxd/response: Simplify SmartError
  • lxc/info: Add targeting to 'lxc info'
  • lxc/storage: Add targeting to 'lxc storage info'
  • lxd: Fix targeting for /1.0 and /1.0/resources
  • shared/api: Add Location to NetworkLeases
  • lxd/migration: Fix handling of missing profiles
  • terminal: do not chown master fd
  • shared/api: Drop StoragePool from Resources struct
  • lxd/resources: Fix bad CPU reporting
  • doc: Inform about ZFS pool default compression
  • shared: Switch ParseNumberFromFile to simple read
  • shared/api: Add CPU socket to resources
  • shared/api: Add GPU to Resources
  • lxd/devices: Cleanup GPU structs
  • shared/idmap: Use separate uid and gid entries
  • lxd-p2c: Workaround for broken /proc/self/exe
  • simplestreams: Align JSON struct for index.json
  • shared/api: Add more GPU info
  • network: Bring mtu device up
  • lxd: Don't leak netlink fds
  • shared/api: Add Location field to operations
  • shared/api: Add NUMA information to resources
  • shared/api: Add KernelFeatures
  • shared/api: Sort ServerEnvironment struct
  • lxd/cluster: Workaround new raft logging
  • simplestreams: Align JSON struct for images.json
  • Fix typo in faq.md
  • Tweak markdown format in storage.md
  • lxc/action: skip containers with intended state
  • lxd/storage/ceph: Fix copying existing volume snap
  • lxd/storage: Rename shiftRootfs to initialShiftRootfs
  • lxd/containers: Use LXC hook version 1
  • lxd/containers: Fix owner/mode of container path
  • lxd/storage: Rename ShiftIfNecessary to resetContainerDiskIdmap
  • lxd/storage: Remove setUnprivUserACL
  • lxc/launch: Show start progress
  • lxd/containers: Implement new idmap functions
  • lxd/containers: Port to new idmap functions
  • doc: Introduce volatile.idmap.current
  • lxd/migrate: Shift CRIU files to current map
  • lxd/containers: Cleanup template application
  • lxd/containers: Properly handle tar shifting
  • lxd/containers: Handle mid-remap containers
  • lxd/containers: Stop proxy before storage
  • shared/api: Add Location field to api.Event
  • client: Properly generate events URL
  • client: Optimize copies on same nodes
  • shared/osarch: Add Plamo x86 arch
  • lxd/internal: Have GC endpoint release memory
  • lxd/cluster: Export Snapshot function
  • lxd/internal: Expose raft-snapshot
  • tests: Allow up to 15s for container reboot
  • lxd/tasks: Avoid races on startup
  • lxc/config: Use shared.IsSnapshot
  • shared/osarch: Add i586 to arch aliases
  • client: Don't crash on missing stdin
  • shared/api: Extend StorageVolumePost
  • client: Consider volumeOnly option when migrating
  • client: Copy volume config and description
  • client: Fix copying between two unix sockets
  • client: Fix copy from snapshot
  • client: Add support for cluster_internal_copy
  • shared/api: Add lxc_features
  • shared/idmap: Add comparison function
  • shared: Fix Windows build
  • shared/network: Fix reporting of down interfaces
  • shared/getifaddrs: Export peer link id
  • shared/network: Get HostName field when possible
  • shared: Adds StringMapHasStringKey helper function
  • shared: handle SCM_CREDENTIALS when receiving fds
  • shared: add AbstractUnixReceiveFdData()
  • shared: fix $SNAP handling under new snappy
  • checkfeature: cleanup macros is_netnsid_aware
  • forkmount: cleanup macros
  • misc(rest-api.md): formatting
  • lxc/info: Show snapshot expiry
  • lxd/backup: Re-order checks for backup.yaml
  • lxc/config: Add targeting to 'lxc config'
  • lxd/containers: Export container location
  • lxd/storage/lvm: Pass nouuid for xfs backups
  • lxd/operations: Fill the Location field
  • lxc/operation: Show location column
  • lxd/cluster: Initialize candid on join
  • lxd/storage/ceph: Always unmap after use
  • lxd: Add username/fingerprint to request context
  • lxd: Cleanup authentication code
  • lxd: Drop initialShiftRootfs and always shift on start
  • lxd: Port to new idmap functions
  • api: Add id_map_current API extension
  • lxd/containers: Cleanup shifting
  • vendor: Temporary Raft vendoring
  • tests: Ignore vendor/
  • i18n: Update translation templates
  • lxd/storage/zfs: Run rename in clean mntns
  • lxd/cluster: Limit log message forwarding
  • lxd/images: Don't keep an in-memory simplestreams cache
  • patches: Fix names of pool volume LVs
  • lxd/patches: Fix LVM VG name
  • lxd/images: Fix simplestreams cache expiry
  • lxd/storage/ceph: Don't mix stderr with json
  • lxd/storage: Fix error message on differing maps
  • lxd/container: Moves network limits to be run as a network up hook rather than container start hook
  • lxd/container: removes unused arg from network limits function
  • forkproxy: make logfile close on exec
  • forkproxy: use standard macros on exit
  • lxd/db: Properly handle unsetting keys
  • lxd: More reliably grab interface host name
  • lxc/utils: Updates progress to stop outputting if msg is longer than window
  • lxd/candid: Cleanup config handling
  • lxd/cluster: Bump heartbeatInterval to 10s
  • lxd/cluster: Spread heartbeats in time
  • netns_getifaddrs: adapt to kernel changes
  • lxd/container: Only runs network up hook for nics that need it
  • test: Updates config tests to use host_name for nic tests
  • lxd/container: Changes disable_ipv6=1 to accept_ra=0 on host side interface
  • doc: Adds missing packages to install guide
  • lxd/profile: Port to APIEndpoint
  • lxd/internal: Port to APIEndpoint
  • lxd/cluster: Port to APIEndpoint
  • lxd/event: Port to APIEndpoint
  • lxd/daemon: Port to APIEndpoint
  • lxd/storage: Handle XFS with leftover journal entries
  • lxd/certificates: Make certificate add more robust
  • doc: Correct host_name property
  • lxd/storage/btrfs: Don't make ro snapshots when unpriv
  • lxd/containers: Don't needlessly mount snapshots
  • lxd/containers: Avoid costly storage calls during snapshot
  • lxd/cluster: Avoid panic in Gateway
  • lxd/cluster: Use current time for heartbeat
  • lxd/cluster: Fix race condition during join
  • lxd/images: Properly handle invalid protocols
  • network: Fixes custom MTU not being applied on hot plug
  • lxd/db: Fix bad test
  • tests: Fix race condition in proxy test
  • lxd: Use idmap.Equals
  • lxd/proxy: Fix goroutine leak
  • forkproxy: Retry epoll on EINTR
  • forkproxy: make helpers static
  • lxd: Rename parseAddr to proxyParseAddr
  • lxd/api: Rename serverResources to api10Resources
  • lxd/api: Rename snapshotHandler to containerSnapshotHandler
  • lxd/api: Rename operation functions for consistency
  • lxd/proxy: Drop unused function
  • lxd: Have Authenticate return the protocol
  • lxd: Don't allow remote access to internal API
  • lxd/migration: Fix feature negotiation
  • lxd/api: Rename certificateFingerprint to certficate
  • lxd/certificate: Port to APIEndpoint
  • lxd/resource: Port to APIEndpoint
  • lxd/operation: Port to APIEndpoint
  • lxd/api: Rename alias commands to imageAlias
  • lxd/api: Replace Command with APIEndpoint
  • lxd/storage: Port to APIEndpoint
  • lxd/network: Port to APIEndpoint
  • lxd/container: Port to APIEndpoint
  • lxd/image: Port to APIEndpoint
  • lxd/api: Handle AccessHandler
  • lxd/storage/ceph: Fix snapshot of running xfs/btrfs
  • lxd/containers: Be consistent with timestamps
  • lxd/db: Introduce ContainerConfigUpdate
  • lxd/containers: Don't diff go-lxc structs
  • lxd/network: Log failures to reload
  • lxd: Don't start on migration
  • api/cluster: Fixes missing return on SmartError
  • container/metadata: Fixes missing return on InternalError
  • doc: Clarify API security and options to restrict
  • Trigger the upgrade script if we detect a dqlite client with higher version
  • lxd/storage/ceph: Fix UUID re-generation
  • lxd/storage/ceph: Fix snapshot of running containers
  • lxd/containers: Speed up simple snapshot list
  • lxd/storage/ceph: Only rewrite UUID once
  • lxd/sys: Cleanup State struct
  • shared: Move network cgo to shared/netutils
  • shared/netutils: Move send/recv fd functions
  • test: Added more tests for container nics
  • lxd/containers: Replace ConfigKeySet with VolatileSet
  • test: Updates physical tests to detect MTU support in LXC
  • test: Updates macvlan tests to detect MTU support in LXC
  • lxc/move: Start container when appropriate
  • doc: Add section on container security
  • doc: s/HTTPs/HTTPS/g
  • doc: Remove mention of RBAC
  • doc: Re-structures container nic docs into each nic type
  • test: Re-works nic p2p and bridged tests to check for static routes working
  • lxd/container: Re-work limits handling
  • tests: Remove route testing
  • container/lxc: Records hotplugged p2p/bridged nic's host_name into volatile data
  • container/lxc: Runs network up hook for all p2p and bridged nics
  • container/lxc: Records host_name from LXC on p2p/bridged nic start
  • lxc/container: Removes unused getHostInterface()
  • lxd/networks: Fix ETag handling on clusters
  • container/lxc: Removes volatile host_name enrichment from fillNetworkDevice()
  • lxd/containers: Fix bad error
  • lxd/images fix compressErr return
  • lxd: Satisfy static analysis
  • lxc: Transition to golang.org/x/sys
  • lxd-p2c: Transition to golang.org/x/sys
  • lxd: Transition to golang.org/x/sys
  • shared: Transition to golang.org/x/sys
  • lxd/storage/btrfs: Delete any orphaned .ro snapshots. See #5763. During a publish, a .ro subvolume snapshot copy is made whilst the original snapshot is set read-write. If lxd is killed before publish finishes, the *.ro copy can be left orphaned, and should be deleted when the associated snapshot is deleted.
  • This fixes #5804.
  • idmap: shift ro btrfs subvolumes
  • lxd/internal: Fix backup.Pool.Name check error message
  • Drop unless call to createContainerMountpoint
  • container: Adds OnStopNS() function that is run by LXC's stop hook feature
  • networks/utils: Adds networkGetDevMTU function
  • networks/utils: Adds networkGetDevMAC function
  • networks/utils: Adds networkSetDevMAC function
  • networks/utils: Adds networkSetDevMTU function
  • networks: Refactors fan mtu detection to use networkGetDevMTU
  • container/lxc: Adds snapshotPhysicalNic function
  • container/lxc: Stores mtu and mac of parent physical nic before start
  • container/lxc: Fix copy/paste error in error removeNetworkDevice
  • container/lxc: Adds detachInterfaceRename() function
  • container/lxc: Restores physical parent mtu and mac on device removal
  • doc: Updates volatile keys used for physical mtu and mac restoration
  • test: Tests for physical mtu and mac application and restoration
  • lxd/storage/btrfs: Fix qgroup handling
  • lxd/storage/btrfs: Fix argument ordering
  • container/lxc: Disables auto mac generation for sriov devices
  • tests: Always pass --force to stop/restart
  • checkfeature: remove unused variable
  • main: Fixes debug mode flag to actually enable debug mode
  • container/lxc: Adds error checking for calls to networkClearLease
  • networks/utils: Adds networkDHCPv4Release function
  • networks/utils: Adds networkDHCPv6Release function and associated packet helpers
  • networks/utils: Updates networkClearLease to use DHCP release helpers
  • container/lxc: Moves networkUpdateStatic during Stop with the other lease related code
  • networks: Starts dnsmasq with --no-ping option to avoid delaying lease file writes
  • tests: Adds DHCP lease release tests
  • lxd/networks: Adds --dhcp-rapid-commit when dnsmasq version > 2.79
  • tests: Make shellcheck happy
  • tests: Remove unused variable
  • lxd/containers: Fix cleanupHostVethDevices logic
  • lxd/storage/ceph: Fix bad cherry-pick from master
  • shared/termios: Fix port to sys/unix

Support and upgrade

LXD 3.0.4 is supported until June 2023 and is our current LTS release. Users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXD 3.14 has been released

17th of June 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.14!

This release's focus is on stability and performance with a strong focus on networking and clustering.

Users of advanced networking features will see a lot of improvements in interface tracking, restoration of past state and error handling. On the clustering side, some database improvements should reduce overall load when containers start/stop, and DNS handling with Ubuntu Fan bridges was completely reworked for a much better experience.

Enjoy!

New features

Cluster: Re-worked DNS forwarding

The DNS forwarding logic used for clusters using Ubuntu Fan bridges has been updated to better handle nodes joining/leaving the cluster as well as now handling PTR (reverse DNS) records.

Script to factory reset LXD

A new script is now included for those users who would like to completely empty a LXD server of all containers, images, profiles, networks and projects. This can be particularly useful as part of cleanly removing LXD from the system.

Improvements to syscall interception

The syscall interception feature got some nice improvements. Support for the mknodat syscall was added alongside the existing mknod syscall, and some of the argument comparison is now offloaded to the kernel so that only device node requests get intercepted. In addition, overlayfs' whiteout file has been added to the list of allowed syscalls, resolving a number of issues with running Docker inside of LXD.

This feature requires a 5.0 kernel or higher, a current git snapshot of libseccomp and a current git snapshot of liblxc, so it will not be widely available in distributions shipping LXD. The edge snap package, combined with a suitable kernel, will have all the needed bits in place.
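How in-kernel argument comparison narrows what reaches the interception handler, as an added example that is not LXD's own code: a classic-BPF seccomp program that inspects the mode argument of mknod/mknodat and returns SECCOMP_RET_USER_NOTIF only for character and block device nodes. The user-space evaluator `run_filter` and the helper `verdict` are assumptions added so the program's decisions can be checked without installing it; architecture pinning is left out.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_USER_NOTIF          /* kernel headers older than 5.0 */
#define SECCOMP_RET_USER_NOTIF 0x7fc00000U
#endif

/* Offset of the low 32 bits of syscall argument n in struct seccomp_data. */
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define ARG_LO(n) (offsetof(struct seccomp_data, args[n]))
#else
#define ARG_LO(n) (offsetof(struct seccomp_data, args[n]) + 4)
#endif

/* Filter program: everything is allowed directly by the kernel except
 * mknod/mknodat calls whose mode asks for a char or block device node.
 * Only those are handed to the user-space supervisor. A production filter
 * would first pin seccomp_data.arch; that check is omitted here. */
static const struct sock_filter mknod_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef SYS_mknod                        /* absent on e.g. aarch64 */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_mknod, 0, 2),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(1)),   /* mknod(path, mode, dev) */
    BPF_STMT(BPF_JMP | BPF_JA, 2),                   /* jump to the mode test */
#endif
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_mknodat, 0, 4),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(2)),   /* mknodat(fd, path, mode, dev) */
    BPF_STMT(BPF_ALU | BPF_AND | BPF_K, S_IFMT),     /* keep only the file type bits */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, S_IFCHR, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, S_IFBLK, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
};

/* Minimal evaluator for the handful of cBPF opcodes used above, so the
 * decisions can be inspected offline. The kernel runs the real program
 * once it is installed as a seccomp filter. */
static uint32_t run_filter(const struct sock_filter *prog, size_t len,
                           const struct seccomp_data *sd)
{
    uint32_t acc = 0;

    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *ins = &prog[pc];

        switch (ins->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (ins->k > sizeof(*sd) - sizeof(acc))
                return SECCOMP_RET_KILL;    /* out-of-bounds load */
            memcpy(&acc, (const char *)sd + ins->k, sizeof(acc));
            break;
        case BPF_ALU | BPF_AND | BPF_K:
            acc &= ins->k;
            break;
        case BPF_JMP | BPF_JA:
            pc += ins->k;                   /* relative to the next instruction */
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == ins->k) ? ins->jt : ins->jf;
            break;
        case BPF_RET | BPF_K:
            return ins->k;
        default:
            return SECCOMP_RET_KILL;        /* opcode not modelled here */
        }
    }
    return SECCOMP_RET_KILL;                /* ran off the end of the program */
}

/* Verdict for a syscall number with the given second and third arguments. */
uint32_t verdict(long nr, uint64_t arg1, uint64_t arg2)
{
    struct seccomp_data sd;

    memset(&sd, 0, sizeof(sd));
    sd.nr = (int)nr;
    sd.args[1] = arg1;
    sd.args[2] = arg2;
    return run_filter(mknod_filter,
                      sizeof(mknod_filter) / sizeof(mknod_filter[0]), &sd);
}

int main(void)
{
    /* Constructed sample calls. */
    printf("mknodat char dev: %#x\n", verdict(SYS_mknodat, 0, S_IFCHR | 0600));
    printf("mknodat fifo:     %#x\n", verdict(SYS_mknodat, 0, S_IFIFO | 0600));
#ifdef SYS_mknod
    printf("mknod block dev:  %#x\n", verdict(SYS_mknod, S_IFBLK | 0660, 0));
#endif
    printf("getpid:           %#x\n", verdict(SYS_getpid, 0, 0));
    return 0;
}
```

FIFO, socket and regular-file creation never leave the kernel, so the supervisor only has to make a policy decision for requests that actually create device nodes.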

Bugs fixed

  • doc: Add IPVLAN required sysctls to container docs
  • doc: Add section on container security
  • doc: Clarify API security and options to restrict
  • doc: Fix typo in networks.md
  • doc: IPVLAN doc tweaks for gateway and DNS nameservers
  • doc: Remove trailing whitespace
  • doc: Re-structures container nic docs into each nic type
  • doc: s/HTTPs/HTTPS/g
  • doc: Update volatile keys used for physical mtu and mac restoration
  • i18n: Update translations from weblate
  • lxc: Transition to golang.org/x/sys
  • lxc/move: Start container when appropriate
  • lxc-to-lxd: Transition to golang.org/x/sys
  • lxd/api: Expose LXC network_phys_macvlan_mtu feature
  • lxd: Satisfy static analysis
  • lxd: Transition to golang.org/x/sys
  • lxd/backup: Fix crash when renaming non-existent backup
  • lxd/backups: Fix backup.Pool.Name check error message
  • lxd/cluster: Fix missing return on SmartError
  • lxd/cluster: Trigger the upgrade if we detect a higher dqlite client version
  • lxd/containers: Add detachInterfaceRename() function
  • lxd/containers: Add IPVLAN L3S mode l2proxy sysctl checks
  • lxd/containers: Add OnStopNS() function run by LXC's stop hook feature
  • lxd/containers: Add snapshotPhysicalNic function
  • lxd/containers: Add static routes for bridged veth devices
  • lxd/containers: Be consistent with timestamps
  • lxd/containers: Don't diff go-lxc structs
  • lxd/containers: Don't start on migration
  • lxd/containers: Fix bad error
  • lxd/containers: Fix copy/paste error in error removeNetworkDevice
  • lxd/containers: Fixes custom MTU not being applied on hot plug
  • lxd/containers: Fix ipvlan support check
  • lxd/containers: Fix minute rollover issue in scheduled snapshots
  • lxd/containers: Fix missing return on InternalError
  • lxd/containers: Make static routes use boot proto for tracking
  • lxd/containers: Move IPVLAN init code into own function
  • lxd/containers: Record host_name from LXC on p2p/bridged nic start
  • lxd/containers: Record hotplugged p2p/bridged nic host_name in volatile data
  • lxd/containers: Remove unused getHostInterface()
  • lxd/containers: Remove volatile host_name from fillNetworkDevice()
  • lxd/containers: Replace ConfigKeySet with VolatileSet
  • lxd/containers: Restore physical parent mtu and mac on device removal
  • lxd/containers: Run network up hook for all p2p and bridged nics
  • lxd/containers: Store mtu and mac of parent physical nic before start
  • lxd/daemon: Add forkdns server list refresh task to cluster tasks
  • lxd/db: Introduce ContainerConfigUpdate
  • lxd/db: Sort container snapshots by creation date
  • lxd/forkdns: Add constants for forkdns servers path and file
  • lxd/forkdns: Answer PTR and A requests from leases file
  • lxd/forkdns: Ensure forkdns remains running when LXD exits
  • lxd/forkdns: Implement logging
  • lxd/forkdns: Remove unused includes
  • lxd/forkdns: Restore usage output text when running with no arguments
  • lxd/forkdns: Update forkdns to live reload from config files
  • lxd/forkmknod: Attach to mntns when task is chrooted
  • lxd/images: Fix compressErr return
  • lxd/networks: Add container boot route functions
  • lxd/networks: Add forkdns servers file refresh functions
  • lxd/networks: Add networkGetDevMAC function
  • lxd/networks: Add networkGetDevMTU function
  • lxd/networks: Add networkSetDevMAC function
  • lxd/networks: Add networkSetDevMTU function
  • lxd/networks: Add networkUpdateForkdnsServersTask function
  • lxd/networks: Add refreshForkdnsServerAddresses function
  • lxd/networks: Create forkdns.servers directory and empty config file
  • lxd/networks: DNS clustered mode is correctly detected during LXD init
  • lxd/networks: Fix ETag handling on clusters
  • lxd/networks: Log failures to reload
  • lxd/networks: Refactor fan mtu detection to use networkGetDevMTU
  • lxd/networks: Remove __internal dnsmasq domain
  • lxd/networks: Remove own address from addresses passed to forkdns
  • lxd/networks: Save/restore container (boot proto) routes when starting
  • lxd/networks: Simplify spawnForkDNS to not get cluster server list
  • lxd/patches: Fix handling of containers-snapshots
  • lxd/seccomp: Filter based on arguments
  • lxd/seccomp: Fix building on older kernels
  • lxd/seccomp: Fix missing ";"
  • lxd/storage: Allow quota on dir custom volumes
  • lxd/storage: Drop useless call to createContainerMountpoint
  • lxd/storage/btrfs: Delete any orphaned *.ro snapshots
  • lxd/storage/btrfs: Fix argument ordering
  • lxd/storage/btrfs: Fix copy of nested subvolumes
  • lxd/storage/btrfs: Fix qgroup handling
  • lxd/storage/zfs: Fix snapshot restore on project
  • lxd/storage/zfs: Handle projects correctly
  • lxd-p2c: Transition to golang.org/x/sys
  • shared: Transition to golang.org/x/sys
  • shared/idmap: Shift ro btrfs subvolumes
  • tests: Add DNS clustering tests
  • tests: Add further p2p nic tests for various scenarios
  • tests: Add more tests for container nics
  • tests: Add tests for container backup renames
  • tests: Have ipvlan test activate ipv4 forwarding
  • tests: Ignore vendor/
  • tests: Re-work nic p2p and bridged tests to check for static routes working
  • tests: Test for physical mtu and mac application and restoration
  • tests: Update forkdns tests to work with double fork
  • tests: Update macvlan tests to detect MTU support in LXC
  • tests: Update physical tests to detect MTU support in LXC
  • vendor: Temporary Raft vendoring

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.13 has been released

9th of May 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.13!

This is another very exciting LXD release, packed with useful features and a lot of bugfixes and performance improvements!

The latest addition to the LXD team, @tomp, has been busy improving the LXD networking experience with quite a few new features and bugfixes already making it into this release.

We've also gotten all the plumbing needed for system call interception done and in place in this release, currently handling mknod on supported systems.

Cluster users will enjoy this release too, thanks to scaling improvements, reducing the load on the leader a bit and improving container copies and migration, especially on CEPH clusters.

Enterprise users will like the addition of Role Based Access Control through the external Canonical RBAC service, making it possible to control permissions to individual projects on your LXD servers and assign roles to your users and groups.

And we've even managed to get quotas working for the dir storage backend at last, thanks to the addition of filesystem project quotas in recent kernels.

Enjoy!

New features

Cluster: Improved heartbeat interval

In a LXD cluster, the current leader periodically sends a heartbeat to all other cluster members. The main purpose of this is to detect offline cluster members, marking them as offline in the database so that queries no longer block on them. A secondary use for those heartbeats is to refresh the list of database nodes.

Previously, this was done every 4s with all cluster members being contacted at the same time, resulting in spikes in CPU and network traffic, especially on the current cluster leader.

LXD 3.13 changes that by bumping the interval to 10s and by adding randomization to the timing of the heartbeats so that not all cluster members are contacted at the same time. Extra logic was also added to detect cluster members that get added during a heartbeat run.

Cluster Internal container copy

LXD 3.13 now properly implements one-step container copies, similar to how you would normally copy a container on a standalone LXD instance. Prior to this, the client had to know whether to perform a copy (if staying on the same cluster member) or a migration (if going to another cluster member); this is now all done internally.

A side benefit of this fix is that all CEPH copies are now near instantaneous on clusters as those do not require any migration at all.

Initial syscall interception support

LXD 3.13, when combined with a 5.0 or higher kernel as well as the very latest libseccomp and liblxc, can now intercept and mediate system calls in userspace.

For this first pass, we have focused on mknod, implementing a basic allow list of devices which can now be created by unprivileged containers.

It will take a little while before this feature can be commonly used as we will need an upstream release of both libseccomp and liblxc and are waiting for further improvements to the feature in the kernel too.

We will be building upon this capability to allow specific filesystems to be mounted inside unprivileged containers in the future as well as allow things like kernel module loading and more (all will require opt-in from the administrator).
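
The allow-list decision described above, as an added Go example (not LXD's own code): it decodes the mode and dev arguments of an intercepted mknod call and permits only listed character devices. The device list and the names MediateMknod, decodeDev and encodeDev are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// File-type bits of the mknod(2) mode argument (Linux <sys/stat.h> values).
const (
	sIFMT  = 0o170000 // mask selecting the file-type bits
	sIFCHR = 0o020000 // character device
	sIFBLK = 0o060000 // block device; note that it contains the S_IFCHR bit
)

// devKey identifies a device node by file type and device number.
type devKey struct {
	fileType uint32
	major    uint32
	minor    uint32
}

// allowedDevices is an illustrative allow list (an assumption of this example,
// not the list LXD ships). The numbers are the standard Linux assignments.
var allowedDevices = map[devKey]string{
	{sIFCHR, 1, 3}: "/dev/null",
	{sIFCHR, 1, 5}: "/dev/zero",
	{sIFCHR, 1, 7}: "/dev/full",
	{sIFCHR, 1, 8}: "/dev/random",
	{sIFCHR, 1, 9}: "/dev/urandom",
	{sIFCHR, 5, 0}: "/dev/tty",
}

// ErrDenied is returned for every request that is not on the allow list.
var ErrDenied = errors.New("mknod denied: device not on allow list")

// decodeDev splits the 32-bit dev argument of the raw mknod syscall into
// major and minor numbers, following the kernel's new_decode_dev() layout.
func decodeDev(dev uint32) (major, minor uint32) {
	major = (dev & 0xfff00) >> 8
	minor = (dev & 0xff) | ((dev >> 12) & 0xfff00)
	return major, minor
}

// encodeDev is the inverse of decodeDev; it is used here to build sample input.
func encodeDev(major, minor uint32) uint32 {
	return (minor & 0xff) | (major << 8) | ((minor &^ 0xff) << 12)
}

// MediateMknod decides whether an intercepted mknod request for a device node
// may proceed. It assumes the seccomp filter forwards only device-node
// requests. The file type is compared after masking with S_IFMT: testing the
// S_IFCHR bit alone would also match block devices, because S_IFBLK includes
// that bit.
func MediateMknod(mode, dev uint32) (string, error) {
	major, minor := decodeDev(dev)
	key := devKey{mode & sIFMT, major, minor}
	name, ok := allowedDevices[key]
	if !ok {
		return "", fmt.Errorf("%w: type=%#o major=%d minor=%d",
			ErrDenied, key.fileType, major, minor)
	}
	return name, nil
}

func main() {
	// Constructed sample requests: mode plus major/minor of the device.
	requests := []struct {
		mode, major, minor uint32
	}{
		{sIFCHR | 0o666, 1, 3}, // /dev/null: allowed
		{sIFBLK | 0o660, 1, 3}, // block device with the same numbers: denied
		{sIFCHR | 0o640, 1, 1}, // /dev/mem: denied
		{sIFBLK | 0o660, 8, 0}, // first SCSI disk: denied
	}
	for _, r := range requests {
		name, err := MediateMknod(r.mode, encodeDev(r.major, r.minor))
		if err != nil {
			fmt.Println(err)
			continue
		}
		fmt.Printf("allow %s (%d:%d)\n", name, r.major, r.minor)
	}
}
```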

Role Based Access Control (RBAC)

Users of the Canonical RBAC service can now integrate LXD with it.

LXD will register all its projects with RBAC, allowing administrators to assign roles to users/groups for specific projects or for the entire LXD instance.

Currently this includes the following permissions:

  • Full administrative access to LXD
  • Management of containers (creation, deletion, re-configuration, ...)
  • Operation of containers (start/stop/restart, exec, console, ...)
  • Management of images (creation, deletion, aliases, ...)
  • Management of profiles (creation, deletion, re-configuration, ...)
  • Management of the project itself (re-configuration)
  • Read-only access (view everything tied to a project)

This gets us one step closer to being able to run a shared LXD cluster with unprivileged users being able to run containers on it without concerns of them escalating their privileges.

IPVLAN support

LXD can now make use of the recent implementation of ipvlan in LXC. When running a suitably recent version of LXC, IPVLAN can now be configured in LXD through a nic device:

  • Setting the nictype property to ipvlan
  • Setting the parent property to the expected outgoing device
  • For IPv4, setting ipv4.address to the desired address
  • For IPv6, setting ipv6.address to the desired address

Here is an example of it in action:

stgraber@castiana:~$ lxc init ubuntu:18.04 ipvlan
Creating ipvlan
stgraber@castiana:~$ lxc config device add ipvlan eth0 nic nictype=ipvlan parent=wlan0 ipv4.address=172.17.0.100 ipv6.address=2001:470:b0f8:1000:1::100
Device eth0 added to ipvlan
stgraber@castiana:~$ lxc start ipvlan
stgraber@castiana:~$ lxc exec ipvlan bash
root@ipvlan:~# ifconfig 
eth0: flags=4291<UP,BROADCAST,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 172.17.0.100  netmask 255.255.255.255  broadcast 255.255.255.255
        inet6 2001:470:b0f8:1000:1::100  prefixlen 128  scopeid 0x0<global>
        inet6 fe80::28:f800:12b:bdf8  prefixlen 64  scopeid 0x20<link>
        ether 00:28:f8:2b:bd:f8  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 5 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@ipvlan:~# ip -4 route show
default dev eth0

root@ipvlan:~# ip -6 route show
2001:470:b0f8:1000:1::100 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default dev eth0 metric 1024 pref medium

root@ipvlan:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=14.4 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 14.476/14.476/14.476/0.000 ms

root@ipvlan:~# ping6 -n 2607:f8b0:400b:800::2004
PING 2607:f8b0:400b:800::2004(2607:f8b0:400b:800::2004) 56 data bytes
64 bytes from 2607:f8b0:400b:800::2004: icmp_seq=1 ttl=57 time=21.2 ms
--- 2607:f8b0:400b:800::2004 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 21.245/21.245/21.245/0.000 ms
root@ipvlan:~#

Quota support on dir storage backend

Support for the project quota feature of recent Linux kernels has been added.

When the backing filesystem for a dir type storage pool is suitably configured, container quotas can now be set as with other storage backends and disk usage is also properly reported.

stgraber@castiana:~$ sudo truncate -s 10G /tmp/ext4.img
stgraber@castiana:~$ sudo mkfs.ext4 /tmp/ext4.img 
mke2fs 1.44.6 (5-Mar-2019)
Discarding device blocks: done                            
Creating filesystem with 2621440 4k blocks and 655360 inodes
Filesystem UUID: d8ab56d9-1e84-40ee-921a-c68c06ad6625
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done     
stgraber@castiana:~$ sudo tune2fs -O project -Q prjquota /tmp/ext4.img 
tune2fs 1.44.6 (5-Mar-2019)

stgraber@castiana:~$ sudo mount -o prjquota /tmp/ext4.img /mnt/
stgraber@castiana:~$ sudo rmdir /mnt/lost+found/
stgraber@castiana:~$ lxc storage create mnt dir source=/mnt
Storage pool mnt created

stgraber@castiana:~$ lxc launch ubuntu:18.04 c1 -s mnt
Creating c1
Starting c1
stgraber@castiana:~$ lxc exec c1 -- df -h
Filesystem                                           Size  Used Avail Use% Mounted on
/var/lib/lxd/storage-pools/mnt/containers/c1/rootfs  9.8G  742M  8.6G   8% /
none                                                 492K     0  492K   0% /dev
udev                                                 7.7G     0  7.7G   0% /dev/tty
tmpfs                                                100K     0  100K   0% /dev/lxd
tmpfs                                                100K     0  100K   0% /dev/.lxd-mounts
tmpfs                                                7.8G     0  7.8G   0% /dev/shm
tmpfs                                                7.8G  152K  7.8G   1% /run
tmpfs                                                5.0M     0  5.0M   0% /run/lock
tmpfs                                                7.8G     0  7.8G   0% /sys/fs/cgroup

stgraber@castiana:~$ lxc config device set c1 root size 1GB
stgraber@castiana:~$ lxc exec c1 -- df -h
Filesystem                                           Size  Used Avail Use% Mounted on
/var/lib/lxd/storage-pools/mnt/containers/c1/rootfs  954M  706M  249M  74% /
none                                                 492K     0  492K   0% /dev
udev                                                 7.7G     0  7.7G   0% /dev/tty
tmpfs                                                100K     0  100K   0% /dev/lxd
tmpfs                                                100K     0  100K   0% /dev/.lxd-mounts
tmpfs                                                7.8G     0  7.8G   0% /dev/shm
tmpfs                                                7.8G  152K  7.8G   1% /run
tmpfs                                                5.0M     0  5.0M   0% /run/lock
tmpfs                                                7.8G     0  7.8G   0% /sys/fs/cgroup

stgraber@castiana:~$ lxc info c1
Name: c1
Location: none
Remote: unix://
Architecture: x86_64
Created: 2019/05/09 16:09 UTC
Status: Running
Type: persistent
Profiles: default
Pid: 10096
Ips:
  eth0: inet    10.166.11.38    vethKM0DFY
  eth0: inet6   2001:470:b368:4242:216:3eff:fe4b:2c3    vethKM0DFY
  eth0: inet6   fe80::216:3eff:fe4b:2c3 vethKM0DFY
  lo:   inet    127.0.0.1
  lo:   inet6   ::1
Resources:
  Processes: 24
  Disk usage:
    root: 739.77MB
  CPU usage:
    CPU usage (in seconds): 7
  Memory usage:
    Memory (current): 104.91MB
    Memory (peak): 229.67MB
  Network usage:
    lo:
      Bytes received: 1.23kB
      Bytes sent: 1.23kB
      Packets received: 12
      Packets sent: 12
    eth0:
      Bytes received: 480.35kB
      Bytes sent: 27.21kB
      Packets received: 332
      Packets sent: 277

Routes on container NIC devices

New ipv4.routes and ipv6.routes options on the nic devices make it possible to tie a particular route to a specific container, making it follow the container as it's moved between hosts.

This will usually be a better option than using the similarly named key on the network itself.

Configurable NAT source address

New ipv4.nat.address and ipv6.nat.address properties on LXD networks now make it possible to override the outgoing IP address for a particular bridge.

LXC features exported in API

Similar to what was done in the previous release with kernel features, specific LXC features which LXD can use when present are now exported by the LXD API so that clients can check what advanced feature to expect on the target.

  lxc_features:
    mount_injection_file: "true"
    network_gateway_device_route: "true"
    network_ipvlan: "true"
    network_l2proxy: "true"
    seccomp_notify: "true"

Bugs fixed

  • client: Consider volumeOnly option when migrating
  • client: Copy volume config and description
  • client: Don't crash on missing stdin
  • client: Fix copy from snapshot
  • client: Fix copying between two unix sockets
  • doc: Adds missing packages to install guide
  • doc: Correct host_name property
  • doc: Update storage documentation
  • i18n: Update translations from weblate
  • lxc/copy: Don't strip volatile keys on refresh
  • lxc/utils: Updates progress to stop outputting if msg is longer than window
  • lxd/api: Rename alias commands to imageAlias
  • lxd/api: Rename apiProject to project
  • lxd/api: Rename certificateFingerprint to certficate
  • lxd/api: Rename operation functions for consistency
  • lxd/api: Rename serverResources to api10Resources
  • lxd/api: Rename snapshotHandler to containerSnapshotHandler
  • lxd/api: Replace Command with APIEndpoint
  • lxd/api: Sort API commands list
  • lxd/candid: Cleanup config handling
  • lxd/certificates: Make certificate add more robust
  • lxd/certificates: Port to APIEndpoint
  • lxd/cluster: Avoid panic in Gateway
  • lxd/cluster: Fix race condition during join
  • lxd/cluster: Port to APIEndpoint
  • lxd/cluster: Use current time for heartbeat
  • lxd/cluster: Workaround new raft logging
  • lxd/containers: Avoid costly storage calls during snapshot
  • lxd/containers: Change disable_ipv6=1 to accept_ra=0 on host side interface
  • lxd/containers: Don't fail on old libseccomp
  • lxd/containers: Don't needlessly mount snapshots
  • lxd/containers: Early check for running container refresh
  • lxd/containers: Fix bad operation type
  • lxd/containers: Fix profile snapshot settings
  • lxd/containers: Moves network limits to network up hook
  • lxd/containers: Only run network up hook for nics that need it
  • lxd/containers: Optimize snapshot retrieval
  • lxd/containers: Port to APIEndpoint
  • lxd/containers: Remove unused arg from network limits function
  • lxd/containers: Speed up simple snapshot list
  • lxd/daemon: Port to APIEndpoint
  • lxd: Don't allow remote access to internal API
  • lxd: Fix volume migration with snapshots
  • lxd: Have Authenticate return the protocol
  • lxd: More reliably grab interface host name
  • lxd: Port from HasApiExtension to LXCFeatures
  • lxd: Rename parseAddr to proxyParseAddr
  • lxd: Use idmap.Equals
  • lxd/db: Fix substr handling for containers
  • lxd/db: Parent filter for ContainerList
  • lxd/db/profiles: Fix cross-project updates
  • lxd/db: Properly handle unsetting keys
  • lxd/event: Port to APIEndpoint
  • lxd/images: Fix project handling on copy
  • lxd/images: Fix simplestreams cache expiry
  • lxd/images: Port to APIEndpoint
  • lxd/images: Properly handle invalid protocols
  • lxd/images: Replicate images to the right project
  • lxd/internal: Port to APIEndpoint
  • lxd/migration: Fix feature negotiation
  • lxd/network: Filter leases by project
  • lxd/network: Fix DNS records for projects
  • lxd/network: Port to APIEndpoint
  • lxd/operation: Port to APIEndpoint
  • lxd/patches: Fix LVM VG name
  • lxd/profiles: Optimize container updates
  • lxd/profiles: Port to APIEndpoint
  • lxd/projects: Port to APIEndpoint
  • lxd/proxy: Correctly handle unix: path rewriting with empty bind=
  • lxd/proxy: Don't wrap string literal
  • lxd/proxy: Fix goroutine leak
  • lxd/proxy: Handle mnts for abstract unix sockets
  • lxd/proxy: Make helpers static
  • lxd/proxy: Make logfile close on exec
  • lxd/proxy: Only attach to mntns for unix sockets
  • lxd/proxy: Retry epoll on EINTR
  • lxd/proxy: Use standard macros on exit
  • lxd/proxy: Validate the addresses
  • lxd/resource: Port to APIEndpoint
  • lxd/storage: Don't hardcode default project
  • lxd/storage: Fix error message on differing maps
  • lxd/storage: Handle XFS with leftover journal entries
  • lxd/storage: Port to APIEndpoint
  • lxd/storage/btrfs: Don't make ro snapshots when unpriv
  • lxd/storage/ceph: Don't mix stderr with json
  • lxd/storage/ceph: Fix snapshot of running containers
  • lxd/storage/ceph: Fix snapshot of running xfs/btrfs
  • lxd/storage/ceph: Fix UUID re-generation
  • lxd/storage/ceph: Only rewrite UUID once
  • lxd/sys: Cleanup State struct
  • scripts/bash: Add bash completion for profile/container device get, set, unset
  • shared: Add StringMapHasStringKey helper function
  • shared: Fix $SNAP handling under new snappy
  • shared: Fix Windows build
  • shared/idmap: Add comparison function
  • shared/netutils: Adapt to kernel changes
  • shared/netutils: Add AbstractUnixReceiveFdData()
  • shared/netutils: Export peer link id in getifaddrs
  • shared/netutils: Handle SCM_CREDENTIALS when receiving fds
  • shared/netutils: Move network cgo to shared/netutils
  • shared/netutils: Move send/recv fd functions
  • shared/network: Fix reporting of down interfaces
  • shared/network: Get HostName field when possible
  • shared/osarch: Add i586 to arch aliases
  • tests: Extend migration tests
  • tests: Handle built-in shiftfs
  • tests: Updates config tests to use host_name for nic tests

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.12 has been released

5th of April 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.12!

This is one of the more feature packed releases and if you are a cluster user, there should be a lot to be happy about!

We have taken a look through all LXD commands and how they work against clusters, improved our APIs where they were lacking and tweaked the commands to give cluster operators a better experience.

But cluster improvements are far from the only thing improved with this LXD release.

We've also finally got shiftfs support! This feature we've been planning for well over a year is finally there when combined with a suitable kernel. With this, LXD containers don't need any slow shifting on initial startup, reducing the filesystem delta and making container creation so much faster!

Lastly, resource reporting was significantly improved, both in the API and the CLI. We now have more details about the CPU topology, especially NUMA for multi-socket systems and are also now exposing GPU configuration.

Enjoy!

New features

Cluster: Aggregated DHCP leases

LXD managed networks that span multiple cluster members now show a unified view of their DHCP leases, showing hostname, MAC, address and the cluster member's name for each lease.

root@edfu:~# lxc network list-leases lxdfan0
+----------+-------------------+--------------+---------+----------+
| HOSTNAME |    MAC ADDRESS    |  IP ADDRESS  |  TYPE   | LOCATION |
+----------+-------------------+--------------+---------+----------+
| a1       | 00:16:3e:2b:de:8c | 240.31.0.206 | DYNAMIC | edfu     |
+----------+-------------------+--------------+---------+----------+
| a2       | 00:16:3e:01:99:58 | 240.34.0.124 | DYNAMIC | djanet   |
+----------+-------------------+--------------+---------+----------+
| a3       | 00:16:3e:b4:8b:94 | 240.36.0.96  | DYNAMIC | nuturo   |
+----------+-------------------+--------------+---------+----------+
| a4       | 00:16:3e:52:13:2b | 240.31.0.212 | DYNAMIC | edfu     |
+----------+-------------------+--------------+---------+----------+
| a5       | 00:16:3e:45:54:80 | 240.34.0.68  | DYNAMIC | djanet   |
+----------+-------------------+--------------+---------+----------+
| a6       | 00:16:3e:d1:81:e3 | 240.36.0.90  | DYNAMIC | nuturo   |
+----------+-------------------+--------------+---------+----------+

Cluster: Events now show location

Event messages are now all marked with the name of the originating cluster member as their location.

location: edfu
metadata:
  class: task
  created_at: "2019-04-05T04:13:21.212580932Z"
  description: Creating container
  err: ""
  id: 0c8e4a7d-ef7b-41a0-b949-7030f9aa6827
  location: edfu
  may_cancel: false
  metadata: null
  resources:
    containers:
    - /1.0/containers/a10
  status: Running
  status_code: 103
  updated_at: "2019-04-05T04:13:21.212580932Z"
timestamp: "2019-04-05T04:13:21.223834434Z"
type: operation

Additionally, LXD will now only forward log messages of importance WARN or higher to other members, keeping the INFO and DBUG messages local to reduce network chatter. This behavior can be changed by starting the LXD daemon in debug mode, at which point all log levels will be broadcast again.

Cluster: Operations now show location

Another area that now benefits from clear tracking of cluster members is operations, as can be seen in lxc operation list:

root@edfu:~# lxc operation list
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+----------+
|                  ID                  |   TYPE    |    DESCRIPTION    | STATUS  | CANCELABLE |       CREATED        | LOCATION |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+----------+
| 36c11142-52d8-4c1e-a342-63657096cdec | WEBSOCKET | Executing command | RUNNING | NO         | 2019/04/05 04:19 UTC | edfu     |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+----------+
| 701175cf-df82-4ef5-8078-a25d83b770b3 | WEBSOCKET | Executing command | RUNNING | NO         | 2019/04/05 04:19 UTC | djanet   |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+----------+

This now makes it clear what cluster member is busy doing what and should simplify making sure that a system isn't actively used before performing maintenance on it.

Cluster: Support for --target in more commands

The following commands have now grown support for --target:

  • lxc config edit/get/show/set/unset
  • lxc info [--resources]
  • lxc network info
  • lxc storage info

This makes it possible to configure some member-specific daemon configuration options, query cluster member runtime information and system resources, get detailed network statistics and storage usage.

Shiftfs support

This is a feature we've been looking forward to for years and that we are really excited to finally see coming to completion. shiftfs allows for an unprivileged container experience that doesn't need any shifting of the filesystem, instead having the kernel do it on the fly.

This requires kernel support through the shiftfs filesystem which is currently a custom patchset that will be present in the Ubuntu 19.04 kernel.

LXD automatically detects support for this and will transparently start using it whenever possible.

Kernel features now exported over API

For some time now, LXD has been detecting a number of optional kernel features on startup and would print an overview then. That same information is now exposed over the API and visible in lxc info.

  kernel_features:
    netnsid_getifaddrs: "true"
    shiftfs: "true"
    uevent_injection: "true"
    unpriv_fscaps: "true"

Improved CPU reporting

The server resources API now exposes CPU sockets and NUMA node information, making it easier to do CPU pinning for containers.

root@djanet:~# lxc info --resources --target edfu
CPUs:
  Socket 0:
    Vendor: GenuineIntel
    Name: Intel(R) Xeon(R) CPU           E5430  @ 2.66GHz
    Cores: 4
    Threads: 4
    Frequency: 1999Mhz (max: 2336Mhz)
    NUMA node: 0
  Socket 1:
    Vendor: GenuineIntel
    Name: Intel(R) Xeon(R) CPU           E5430  @ 2.66GHz
    Cores: 4
    Threads: 4
    Frequency: 1999Mhz (max: 2336Mhz)
    NUMA node: 1

Memory:
  Free: 18.37GB
  Used: 557.76MB
  Total: 18.93GB

GPU:
  Vendor: ASPEED Technology, Inc. (1a03)
  Product: ASPEED Graphics Family (2000)
  PCI address: 0000:06:03.0
  Driver: ast (4.15.0-47-generic)
  NUMA node: 0

The output of lxc info --resources has also been tweaked to adapt to the hardware present on the system.

GPU reporting

As you may have noticed in the previous listing, GPUs are now present in the system resources output. Additional information can also be seen for NVIDIA cards:

root@vm10:~# lxc info --resources
CPU:
  Vendor: GenuineIntel
  Name: Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz
  Cores: 2
  Threads: 4
  Frequency: 2400Mhz
  NUMA node: 0

Memory:
  Free: 8.14GB
  Used: 225.81MB
  Total: 8.36GB

GPUs:
  Card 0:
    Vendor: NVIDIA Corporation (10de)
    Product: GK208B [GeForce GT 730] (1287)
    PCI address: 0000:00:07.0
    Driver: nvidia (418.56)
    NUMA node: 0
    NVIDIA information:
      Architecture: 3.5
      Brand: GeForce
      Model: GeForce GT 730
      CUDA Version: 10.1
      NVRM Version: 418.56
      UUID: GPU-6ddadebd-dafe-2db9-f10f-125719770fd3
  Card 1:
    Vendor: NVIDIA Corporation (10de)
    Product: GK208B [GeForce GT 730] (1287)
    PCI address: 0000:00:09.0
    Driver: nvidia (418.56)
    NUMA node: 0
    NVIDIA information:
      Architecture: 3.5
      Brand: GeForce
      Model: GeForce GT 730
      CUDA Version: 10.1
      NVRM Version: 418.56
      UUID: GPU-253db1df-f725-a174-99d4-a8933288c39e

Snapshot expiry now visible in lxc info

On top of showing when a snapshot was taken, snapshots that have an expiry will now show their expiry in the listing too.

root@djanet:~# lxc info a1
Name: a1
Location: edfu
Remote: unix://
Architecture: x86_64
Created: 2019/04/05 04:07 UTC
Status: Stopped
Type: persistent
Profiles: default
Snapshots:
  snap0 (taken at 2019/04/05 04:20 UTC) (expires at 2019/04/05 05:20 UTC) (stateless)
  snap1 (taken at 2019/04/05 04:50 UTC) (expires at 2019/04/05 05:50 UTC) (stateless)
  snap2 (taken at 2019/04/05 04:55 UTC) (expires at 2019/04/05 05:55 UTC) (stateless)
  snap3 (taken at 2019/04/05 04:52 UTC) (stateless)
  snap4 (taken at 2019/04/05 05:00 UTC) (expires at 2019/04/05 06:00 UTC) (stateless)

Bugs fixed

  • client: Optimize copies on same nodes
  • client: Properly generate events URL
  • doc: Fix typo in api-extensions.md
  • doc: Inform about ZFS pool default compression
  • doc: Introduce volatile.idmap.current
  • doc: Fix typo in faq.md
  • doc: Tweak markdown format in storage.md
  • doc: Update documentation for snapshots.pattern
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Use shared.IsSnapshot
  • lxc/action: skip containers with intended state
  • lxc/config: Use shared.IsSnapshot
  • lxc/launch: Show start progress
  • lxd: Don't leak netlink fds
  • lxd: Drop initialShiftRootfs and always shift on start
  • lxd/backups: Attempt to delete storage on failure
  • lxd/backups: Cleanup on failure
  • lxd/backups: Re-order checks for backup.yaml
  • lxd/cluster: Export Snapshot function
  • lxd/cluster: Initialize candid on join
  • lxd/cluster: Limit log message forwarding
  • lxd/containers: Cleanup shifting
  • lxd/containers: Cleanup template application
  • lxd/containers: Export container location
  • lxd/containers: Fix crash on refresh of non-existing
  • lxd/containers: Fix owner/mode of container path
  • lxd/containers: Handle mid-remap containers
  • lxd/containers: Properly handle tar shifting
  • lxd/containers: Stop proxy before storage
  • lxd/containers: Use LXC hook version 1
  • lxd/devices: Cleanup GPU structs
  • lxd/devices: Track vendor/product names and driver
  • lxd/images: Don't keep an in-memory simplestreams cache
  • lxd/internal: Expose raft-snapshot
  • lxd/internal: Have GC endpoint release memory
  • lxd/main_forkproxy: Fix epoll
  • lxd/migration: Shift CRIU files to current map
  • lxd/migration: Fix handling of missing profiles
  • lxd/networks: Bring mtu device up
  • lxd/patches: Fix names of pool volume LVs
  • lxd/resources: Fix bad CPU reporting
  • lxd/response: Simplify SmartError
  • lxd/storage: Make use of shared.IsSnapshot
  • lxd/storage: Remove setUnprivUserACL
  • lxd/storage: Rename ShiftIfNecessary to resetContainerDiskIdmap
  • lxd/storage: Rename shiftRootfs to initialShiftRootfs
  • lxd/storage: Add helper function to get volume snapshots
  • lxd/storage: Fix copying and moving volume snapshots
  • lxd/storage/btrfs: Fix volume copy with snapshots
  • lxd/storage/ceph: Always unmap after use
  • lxd/storage/ceph: Fix copying existing volume snap
  • lxd/storage/ceph: Fix volume copy with snapshots
  • lxd/storage/ceph: Only freeze if needed
  • lxd/storage/dir: Fix volume copy with snapshots
  • lxd/storage/lvm: Fix LV naming
  • lxd/storage/lvm: Fix volume copy with snapshots
  • lxd/storage/lvm: Pass nouuid for xfs backups
  • lxd/storage/zfs: Fix volume copy with snapshots
  • lxd/storage/zfs: Run rename in clean mntns
  • lxd/tasks: Avoid races on startup
  • lxd-p2c: Workaround for broken /proc/self/exe
  • shared: Switch ParseNumberFromFile to simple read
  • shared/api: Drop StoragePool from Resources struct
  • shared/api: Sort ServerEnvironment struct
  • shared/idmap: Use separate uid and gid entries
  • shared/osarch: Add Plamo x86 arch
  • shared/simplestreams: Align JSON struct for images.json
  • shared/simplestreams: Align JSON struct for index.json
  • shared/utils: Do not chown terminal master fd
  • tests: Add volume copy tests
  • tests: Allow up to 15s for container reboot
  • tests: Fix race condition in proxy test
  • tests: Make proxy tests work with shiftfs
  • tests: Make security tests work with shiftfs
  • tests: Remove dead code
  • tests: Update resources test

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.11 has been released

6th of March 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.11!

As most of our current work is large features and refactoring, this release mostly contains bugfixes based on reported issues and bugs we found along the way.

It also features the same C hardening work which has been ongoing on the LXC side for a while now, which should reduce the chances of any mistakes being made in that sensitive code.

That's not to say there isn't anything new in this release: a number of small improvements to our user experience have been included, improving progress reporting, snapshot handling and centralized authentication.

Enjoy!

New features

Configurable snapshot expiry at creation time

Past releases introduced automated snapshots and then automated snapshot expiry.

As a configured default expiry applies to all snapshots, not just automated ones, and it's a bit of a hassle to manually create snapshots only to then go and edit them to change their expiry, it's now possible to set an expiry at snapshot creation time.

At the API level, this can be done with an exact timestamp which, if set to null, will make a persistent snapshot regardless of any configured auto-expiry.

At the CLI level, this can be used with the new --no-expiry flag to lxc snapshot.

Progress reporting for publish operations

When running lxc publish against a container or snapshot, some progress information is now displayed. This is similar to image transfers and container migrations and should help confirm that something is indeed happening.

Improvements to Candid authentication

A few changes happened to how Candid authentication is handled by the CLI:

Per-remote authentication cookies

Prior to this release, a shared "cookie jar" was used for all remotes.

This would sometimes cause inconsistent behaviors when two remotes were using the same Candid authentication server, as adding the second remote would re-use the existing cookie, potentially ignoring the authentication domain and not requiring a new authentication roundtrip.

Every remote now has its own "cookie jar" and LXD's behavior when adding remotes is always identical.

Candid preferred over TLS for new remotes

When using lxc remote add to add a new remote, if that remote supports Candid for authentication, this will be used instead of TLS authentication.

The authentication type can always be overridden with --auth-type.

Remote list now shows Candid domain

The remote list will now indicate what Candid domain is used, when one was specified during lxc remote add:

stgraber@castiana:~$ lxc remote list
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
|      NAME       |                   URL                    |   PROTOCOL    |       AUTH TYPE       | PUBLIC | STATIC |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| images          | https://images.linuxcontainers.org       | simplestreams | none                  | YES    | NO     |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| local (default) | unix://                                  | lxd           | file access           | NO     | YES    |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| nuc01           | https://nuc01.maas.mtl.stgraber.net:8443 | lxd           | candid (usso)         | NO     | NO     |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| nuc02           | https://nuc02.maas.mtl.stgraber.net:8443 | lxd           | candid (stgraber.net) | NO     | NO     |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| ubuntu          | https://cloud-images.ubuntu.com/releases | simplestreams | none                  | YES    | YES    |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+
| ubuntu-daily    | https://cloud-images.ubuntu.com/daily    | simplestreams | none                  | YES    | YES    |
+-----------------+------------------------------------------+---------------+-----------------------+--------+--------+

Bugs fixed

  • client: Empty stdin channel on exec completion
  • client: Fix goroutine leak in ExecContainer
  • client: Revert "client: fix goroutine leak in ExecContainer"
  • doc: Add first stab at FAQ
  • doc: Fix typoes in faq.md
  • doc: Update rest-api.md formatting
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Improve error handling in execIfAliases
  • lxc: Update for per-remote candid domain/cookies
  • lxc/cluster: Prompt for confirmation when using --delete to remove a server
  • lxc/console: Remove unused code
  • lxc/exec: Cleanup terminal logic
  • lxc/exec: Don't use Exit
  • lxc/list: Fix multiple filters
  • lxc/monitor: Don't directly use Exit
  • lxc/profile: Make json/yaml consistent
  • lxc/remote: Tweak remote list
  • lxd: Add username/fingerprint to request context
  • lxd: Cleanup authentication code
  • lxd: Copy C smarts from LXC into lxd/include/
  • lxd: Fix duplicate scheduled snapshots
  • lxd: Fix failing backup import
  • lxd: Fix snapshot expiry for scheduled snapshots
  • lxd: Fix variable in range
  • lxd: Remove backup directory after creating tarball
  • lxd: Set correct progress data for backup/publish
  • lxd/checkfeature: Cleanup macros is_netnsid_aware
  • lxd/checkfeature: Cleanup macros netns_set_nsid
  • lxd/containers: Set liblxc env for CVE-2019-5736
  • lxd/containers: Skip interface removal if missing
  • lxd/containers: Validate ipv4/ipv6 address
  • lxd/daemon: Move autoSyncImagesTask to clusterTasks
  • lxd/daemon: When starting up, use the cluster.https_address as key for updating the nodes table
  • lxd/db: A node with custom volumes is not empty
  • lxd/db: Fix tests for current go-sqlite3
  • lxd/db: Support to fetch a list of project for an image
  • lxd/db: Use capital case in error messages returned by db.NodeInfo.IsEmpty()
  • lxd/db: Use proper function names for the query of the image nodes
  • lxd/devlxd: Initialize variable to 0
  • lxd/forkfile: Cleanup macros manip_file_in_ns
  • lxd/forkmount: Cleanup macros
  • lxd/forkuevent: Cleanup macros
  • lxd/images: Add a task that auto synchronize images across the cluster and run it on the background
  • lxd/images: Associate image with the right project on the joined node
  • lxd/images: Do not iterate all available nodes across the cluster for image synchronization
  • lxd/images: Fetch the images fingerprints of the current online node
  • lxd/images: Import all images from the leader node to the new node after it's joined
  • lxd/images: Only show the image auto-sync log when clustering
  • lxd/main_nsexec: Fix type of length in file_to_buf
  • lxd/network: Reword sysctl network functions
  • lxd/network: Rework IP validation functions
  • lxd/nsexec: Cleanup macros attach_userns
  • lxd/nsexec: Cleanup macros do_setns
  • lxd/nsexec: Cleanup macros file_to_buf
  • lxd/nsexec: Cleanup macros in_same_namespace
  • lxd/nsexec: Make cmdline parsing more reliable
  • lxd/profiles: Fix project update when clustered
  • lxd/proxy: Add locking around UDP timer
  • lxd/storage/ceph: Rework df handling
  • lxd/storage_cgo: Cleanup macros find_associated_[...]
  • lxd/storage_cgo: Cleanup macros get_un[...]_legacy
  • lxd/storage_cgo: Cleanup macros get_unused_loop_dev
  • lxd/storage_cgo: Cleanup macros prepare_loop_dev
  • lxd/storage_cgo: Include macro.h
  • lxd/storage: Drop unused function
  • lxd/storage/lvm: Call wipesignatures
  • shared: Tweak progress metadata
  • shared/network: Include macro.h
  • shared/osarch: Add ArchLinux name for armv7
  • shared/osarch: Add gentoo armhf variant
  • shared/shift_linux: Cleanup macros shiftowner
  • shared/util_linux_cgo: Cleanup macros lxc_abstract_[...]
  • shared/util_linux_cgo: Restore old behavior
  • tests: Add integration test checking that nodes with custom volumes can't be removed
  • tests: Add snapshot expiry configuration on create
  • tests: avoid needless wait times during image synchronization when clustering
  • tests: Update godeps
  • tests: Update the test case to cover the image sync scenario for joined node

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.10 has been released

8th of February 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.10!

This release introduces snapshot expiry which, combined with automated snapshots in LXD 3.8, should make for a nice way to have LXD generate and clean up snapshots in the background.

We also did some work on our import/export of containers, now allowing overriding the storage pool during import.

This release also fixes a wide variety of bugs and has a number of nice performance improvements around compression/decompression and improved progress reporting thanks to the ChromeOS team at Google.

Enjoy!

New features

Snapshot expiry

A new snapshots.expiry container configuration option now lets you define an expiry for newly created containers. Alternatively, a snapshot can now be directly edited to set the newly introduced Expiry field.

When a snapshot expires, it is automatically deleted. This feature is particularly useful when combined with automated snapshots.

Pool override on import

It is now possible to select what storage pool a container backup should be imported into. On the command line, this can be specified with --storage.

Bugs fixed

  • client: Properly reset listener on error
  • client: Strip trailing slashes in URLs
  • doc: Document btrfs resize
  • doc: Fixed typo in backup.md
  • global: Rename {Creation,LastUsed}Date to {Created,LastUsed}At
  • i18n: Fix duplicate language
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc/image: Fix help
  • lxd/apparmor: Tweak default set of rules
  • lxd/backups: Don't waste memory during unpack
  • lxd/backups: Fix fd leak
  • lxd/backups: Handle missing storage pool for backups properly
  • lxd/backups: Send progress info for export and import operations
  • lxd/cluster: Don't prompt for internal config keys
  • lxd/containers: Always delete container on create error
  • lxd/containers: Call storage unmount on detach
  • lxd/containers: Fix disk limits at creation
  • lxd/containers: Fix error handling for auto-snap
  • lxd/containers: Fix lxc.mount.entry for musl
  • lxd/containers: Refuse refresh on running containers
  • lxd/images: calculate sha256 as image is written
  • lxd/images: change compressFile to take io.Reader and io.Writer
  • lxd/images: Send metadata in CreateImage error importing image
  • lxd/images: Send metadata in CreateImage error response
  • lxd/images: Tar and compress in a combined stream when packing an image
  • lxd/internal: Add internal command to trigger GC
  • lxd/migration: Fix race in abort
  • lxd/migration: Fix sender side errors handling
  • lxd/migration: Handle crashing rsync
  • lxd/storage/ceph: Create custom mountpoints if missing
  • lxd/storage/ceph: Fix validation of CEPH config
  • lxd/storage/ceph: Unmap on unmount
  • lxd/storage/ceph: Unmap volume after creation
  • lxd/storage/lvm: Use right VG name for exports
  • lxd/tasks: Fix possible segfaults in tasks
  • shared: Add support for a ProgressTracker during unpack
  • shared: Progress metadata as a map
  • shared: Properly handle uncompressed tarballs
  • shared/osarch: Add armhfp (centos)
  • storage: Add ioprogress.ProgressTracker field to storage
  • tests: Add more container snapshot tests
  • tests: Delete leftover container
  • tests: Extend backup import tests
  • tests: Fix bad test in clustering
  • tests: Fix bad test in container local pool handling
  • tests: Fix bad test in external_auth
  • tests: Fix bad test in security
  • tests: Fix bad test in sql
  • tests: Fix bad test in storage
  • tests: Fix container leak
  • tests: Fix negative tests in backup.sh
  • tests: Fix negative tests in basic.sh
  • tests: Fix negative tests in clustering.sh
  • tests: Fix negative tests in config.sh
  • tests: Fix negative tests in container_local_cross_pool_handling.sh
  • tests: Fix negative tests in database_update.sh
  • tests: Fix negative tests in devlxd.sh
  • tests: Fix negative tests in external_auth.sh
  • tests: Fix negative tests in idmap.sh
  • tests: Fix negative tests in incremental_copy.sh
  • tests: Fix negative tests in lxc-to-lxd.sh
  • tests: Fix negative tests in migration.sh
  • tests: Fix negative tests in pki.sh
  • tests: Fix negative tests in projects.sh
  • tests: Fix negative tests in remote.sh
  • tests: Fix negative tests in security.sh
  • tests: Fix negative tests in serverconfig.sh
  • tests: Fix negative tests in snapshots.sh
  • tests: Fix negative tests in sql.sh
  • tests: Fix negative tests in storage_driver_ceph.sh
  • tests: Fix negative tests in storage_local_volume_handling.sh
  • tests: Fix negative tests in storage_profiles.sh
  • tests: Fix negative tests in storage.sh
  • tests: Fix negative tests in storage_snapshots.sh
  • tests: Fix negative tests in storage_volume_attach.sh
  • tests: Fix negative tests in template.sh
  • tests: Fix volume list in cluster
  • tests: Fix volume list in projects
  • tests: Tweak fdleak test

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.9 has been released

8th of January 2019

Introduction

The LXD team is very excited to announce the release of LXD 3.9!

As the development period for this LXD release was right over the holidays, no new features were merged during this time, making this effectively a bugfix release on top of LXD 3.8.

Enjoy!

Bugs fixed

  • bash: Add snapshot keys
  • client: Use exported DownloadFileHash
  • doc: Clarify measurement units
  • doc: Cleanup security.md
  • doc: Update doc links in README
  • i18n: Update translations from weblate
  • image-handling.md: 'release' should be a string and not a list
  • lxc/monitor: Fix rendering
  • lxc/storage: Fix argument count check for delete
  • lxc-to-lxd: Fix go test
  • lxd/cluster: Fix schema upgrades
  • lxd/containers: Adapt to go-lxc Release
  • lxd/containers: bind default value is host
  • lxd/containers: Fix unix devices with liblxc 3.1
  • lxd/containers: Handle projects in forkmount
  • lxd/db: Re-generate the fresh schema, bumping the schema version
  • lxd: Fix go test
  • lxd/forkmount: Fix version detection
  • lxd/forkmount: Require mount_injection_file
  • lxd/main_forkmount: Remove debug statements
  • lxd/projects: Fix crashes on project list
  • lxd/storage/zfs: Fix dataset handling on copy
  • shared: Read certificates from host
  • shared/util: Export DownloadFileHash
  • tests: Add env variable to skip static analysis
  • tests: Drop startup sleep for cluster
  • tests: Reduce clustering delays
  • tests: Reduce delays in devlxd test
  • tests: Reduce sleep in network test
  • tests: Reduce sleeps in proxy tests
  • tests: Reduce teardown delays
  • tests: Remove sleep in console test
  • tests: Speed up basic tests

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.8 has been released

13th of December 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.8!

This is the last release for 2018 and is a pretty feature packed one, improving on a lot of previously introduced features.

Enjoy!

New features

Automated container snapshots

Three configuration keys were introduced to control automated snapshots and configure how they will be named.

  • snapshots.schedule takes a CRON pattern to determine when to perform the snapshot
  • snapshots.schedule.stopped is a boolean used to control whether to snapshot stopped containers too
  • snapshots.pattern is a format string with pongo2 templating support used to set what the name of the snapshots should be when none is specified. This applies both to automated snapshots and to manually created snapshots where no name is provided.

Support for copy/move between projects

A new --target-project option has been added to both lxc copy and lxc move, making it possible to copy or move containers between projects.

stgraber@castiana:~$ lxc move test1 test1 --target-project blah
stgraber@castiana:~$ lxc list --project blah
+-------+---------+------+------+------------+-----------+
| NAME  |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS |
+-------+---------+------+------+------------+-----------+
| test1 | STOPPED |      |      | PERSISTENT |           |
+-------+---------+------+------+------------+-----------+

cluster.https_address server option

Up till now, clustered LXD servers had to be configured to listen on a single IPv4 or IPv6 address with both internal cluster traffic and regular client traffic all using that same address.

LXD 3.8 changes that by introducing a new cluster.https_address option. This write-once key holds the address used for cluster communication and cannot currently be changed without having to remove the node from the cluster.

With this separate key in place, it's now possible to change the regular core.https_address on clustered nodes to any address you want, including to wildcard patterns like :8443.

This makes it possible to use a completely different network for internal cluster communication, making it easy to prioritize and filter cluster traffic.

Cluster image replication

Another improvement for our cluster users is the introduction of automatic image replication. Prior to LXD 3.8, images would only get copied to other cluster members as containers on those systems request them.

While good for performance, bandwidth and disk usage, this had the obvious downside that if the image is only present on a single system and that system goes offline, then there is no way for that image to be used until the system recovers.

LXD 3.8 changes this by having all manually created or imported images be replicated on at least 3 systems. Images that are stored in the image store only as a cache entry do not get replicated.

The behavior can be configured through cluster.images_minimal_replica with 3 being the new default behavior, 1 being the previous behavior and -1 used to replicate on all cluster members.

security.protection.shift container option

Until such time as we get shiftfs into Linux distributions and land support for it in LXD, LXD has to rely on slow rewriting of all uid/gid on the filesystem whenever the container's idmap changes.

This can be a dangerous operation when run on systems that are prone to sudden power loss or shutdown, as this operation cannot be safely resumed if interrupted partway.

When set, the new security.protection.shift configuration option will prevent any such remapping, instead making any action that would result in one fail until the key is unset.

Support for passing all USB devices

Similar to how you can pass all GPUs to a container by not specifying any filter, it is now possible to do the same with USB devices by not specifying any vendorid or productid filter.

In such cases, every USB device will be made visible to the container, including any device hotplugged after the fact.

CLI override of default project

Many users reported that interacting with multiple projects can be tedious due to having to constantly use lxc project switch to switch the client between projects. This is especially true when all you want to do in a particular project is a simple action like starting a container.

LXD 3.8 now has a --project option available throughout the command line client, which lets you override the project for a particular operation.

stgraber@castiana:~$ lxc project list
+-------------------+--------+----------+---------+
|       NAME        | IMAGES | PROFILES | USED BY |
+-------------------+--------+----------+---------+
| blah              | NO     | NO       | 2       |
+-------------------+--------+----------+---------+
| default (current) | YES    | YES      | 14      |
+-------------------+--------+----------+---------+

stgraber@castiana:~$ lxc list test
+-------+---------+------+------+------------+-----------+
| NAME  |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS |
+-------+---------+------+------+------------+-----------+
| test1 | STOPPED |      |      | PERSISTENT | 0         |
+-------+---------+------+------+------------+-----------+

stgraber@castiana:~$ lxc list test --project blah
+-------+---------+------+------+------------+-----------+
| NAME  |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS |
+-------+---------+------+------+------------+-----------+
| test2 | STOPPED |      |      | PERSISTENT | 0         |
+-------+---------+------+------+------------+-----------+

Bi-directional rsync negotiation

Recent LXD releases have introduced rsync feature negotiation where the source could tell the server what rsync features it's using so that the server can match them on the receiving end.

LXD 3.8 introduces the reverse of that by having the LXD server indicate what it supports as part of the migration protocol, allowing for the source to restrict the features it uses.

This should provide very robust migration in the future where a newer LXD will be able to migrate containers out to an older LXD without running into rsync feature mismatches.

ZFS compression support

Another improvement to our migration protocol is the detection and use of ZFS compression support when available.

When combined with zpool compression, this can very significantly reduce the size of the migration stream.

Bugs fixed

  • client: convert EventListener to use api.Event
  • client: Fix crash on missing ProgressTracker
  • doc: Add kernel.keys.maxkeys to production-setup
  • doc: Add project documentation
  • doc: Updated documentation of /cluster/members/ to have correct keys
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc/image: Fix rootfs file handling on snap
  • lxc/import: gzip is the default
  • lxc/project: Check existence on switch
  • lxd: Finish converting events to api.Event
  • lxd: Fix AppArmor cache policy version check
  • lxd: Handle AppArmor policy cache directory
  • lxd/cluster: Tweak error messages
  • lxd/containers: Drop needless function
  • lxd/containers: Fix snapshot URLs in projects
  • lxd/containers: Hide duplicate log entries
  • lxd/containers: Improve hwaddr retry logic
  • lxd/containers: Properly clear static leases
  • lxd/containers: Respect optional=true for disks
  • lxd/db: Avoid un-needed query on container move
  • lxd/db: Fix typo in existing docstring
  • lxd/db: Fix unit test not actually checking error
  • lxd/db: Make ContainerSetState use single query
  • lxd/images: Fix bad project handling
  • lxd/init: Better handle disk sizes
  • lxd/init: Checks if a zfs storage pool or dataset exists
  • lxd/init: Fix typo
  • lxd/migration: Cleanup feature negotiation
  • lxd/migration: Fix CRIU rsync option negotiation
  • lxd/migration: Fix rsync project prefix
  • lxd/migration: Fix shutdown race
  • lxd/migration: Remove leftover debugging
  • lxd/migration: Re-spawn proxy devices
  • lxd/migration: Simplify MigrationSink
  • lxd/migration: Simplify MigrationSource
  • lxd/migration: Simplify StorageMigrationSink
  • lxd/networks: Fix projects in dnsmasq.hosts
  • lxd/projects: Add config validation
  • lxd/projects: Fix copy of snapshots
  • lxd/proxy: Improve shutdown code
  • lxd/storage: Fix broken error handling
  • lxd/storage: Fix check for custom volume restore
  • lxd/storage: Fix custom volume copies
  • lxd/storage: Fix more project copy issues
  • lxd/storage: Fix snapshot migration with projects
  • lxd/storage: Freeze containers during rsync
  • lxd/storage: user_subvol_rm_allowed for btrfs
  • lxd/storage/btrfs: Fix project migrations
  • lxd/storage/btrfs: Tweak errors
  • lxd/storage/ceph: Fix copies within project
  • lxd/storage/ceph: Fix project migration
  • lxd/storage/dir: Don't fail when quota are set
  • lxd/storage/dir: Fix project snapshot symlink
  • lxd/storage/lvm: Fix project handling
  • lxd/storage/lvm: Run pvremove on VG deletion
  • lxd/storage/zfs: Add zfsPoolVolumeExists
  • lxd/storage/zfs: Detect tool version on Ubuntu
  • lxd/storage/zfs: Fix missing dir on copy
  • lxd/storage/zfs: Fix project copies
  • lxd/storage/zfs: Fix project migrations
  • lxd/storage/zfs: Fix setting quotas on project
  • shared: Fix import order
  • shared: Fix windows cert handling
  • shared/idmap: Workaround Go tip change
  • shared/termios: Add shim for non-cgo builds
  • storage/zfs: Fix arguments in function call
  • tests: Always pass -w to iptables
  • tests: Bump size to 120MB for btrfs
  • tests: Fix leftover file
  • tests: Improve live-migration tests
  • tests: Test migration in projects
  • test: Support AppArmor policy cache directory

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.0.3 has been released

23rd of November 2018

Introduction

The LXD team is pleased to announce the release of LXD 3.0.3!

As a stable bugfix release, no major changes have been done, instead focusing on bugfixes and minor usability improvements.

Highlights

Cluster refreshes for snap environments

A common issue with LXD clusters is the requirement that all nodes run the same LXD version and have a matching set of API extensions and DB schema.

When any node goes ahead of the rest, all database operations are held back until the remainder of the nodes are upgraded.

As we're talking about a number of separate machines, coordinating that upgrade may be a bit tricky and in the case of the LXD snap, could take up to 24h without user intervention.

To improve this, we introduced a new LXD_CLUSTER_UPDATE environment variable which packagers can set, pointing it to a script which will update the local LXD daemon through the relevant package manager. When LXD detects that another node is now ahead of itself, it will call this script which will then update the local LXD and have it match.

Rsync option negotiation

This release includes support for the rsync option negotiation which got rolled out in LXD 3.5, 3.6 and 3.7. This should result in smoother migrations between varying LXD releases.

Improved Candid support

Candid external authentication was extended to support multiple domains and to provide a configurable expiry for the authentication tokens (defaulting to 1h).

This allows administrators in large organizations to choose what Candid domains will be allowed on a particular LXD server and configure exactly how long a user will be trusted before having to renew their authentication token with Candid.

The relevant configuration keys are:

  • candid.domains (comma-separated list of domains, defaults to allowing all)
  • candid.expiry (token expiry in seconds, defaults to 3600)

Added support for PEM encrypted keys

For added security, LXD now supports PEM encrypted keys. This means that you can now manually encrypt your ~/.config/lxc/client.crt using openssl and LXD will then prompt you for the password as needed.

stgraber@castiana:~$ lxc project list s-vorash:
Password for client.crt: 
+-------------------+--------+----------+---------+
|       NAME        | IMAGES | PROFILES | USED BY |
+-------------------+--------+----------+---------+
| default (current) | YES    | YES      | 28      |
+-------------------+--------+----------+---------+

Added support for LXD_INSECURE_TLS

While all our own image servers and internal communications support modern ciphers, it's been brought to our attention that some corporate environments will intercept TLS traffic through their proxy and, using a company CA, terminate the TLS connection on the proxy to inspect the traffic.

This would work fine so long as the company CA is trusted on the system and LXD is configured to use the company proxy. Unfortunately, it appears that many such proxies also do not support the modern ciphers that LXD requires, effectively causing all outgoing TLS connections to fail.

For those environments, we have now added a new LXD_INSECURE_TLS environment variable which is respected by both lxd and lxc and which instructs LXD to relax the cipher requirements, using the default TLS settings from Go rather than our restricted set of trusted ciphers.
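The effect of that relaxation can be reproduced with an in-memory handshake. The Go program below is an added example, not LXD's code: a client with an explicit cipher list fails against a proxy-like endpoint that only offers a CBC-mode suite, while the same client with Go's default list connects. The cipher list, the name proxy.example and the helpers clientConfig, legacyProxy and handshake are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// strictCiphers stands in for a "restricted set of trusted ciphers".
// Assumption: this list is illustrative, it is not LXD's actual list.
var strictCiphers = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}

// clientConfig models the client side. insecure=true corresponds to the operator
// setting LXD_INSECURE_TLS: CipherSuites stays nil, so Go's default list applies.
func clientConfig(insecure bool, roots *x509.CertPool) *tls.Config {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: roots, ServerName: "proxy.example"}
	if !insecure {
		cfg.CipherSuites = strictCiphers
	}
	return cfg
}

// legacyProxy builds a constructed endpoint that behaves like an older
// inspecting proxy: TLS 1.2 at most and a single CBC-mode cipher suite. It
// also returns a pool that trusts its self-signed "company CA" certificate.
func legacyProxy() (*tls.Config, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "proxy.example"},
		DNSNames:              []string{"proxy.example"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	srv := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
	}
	return srv, roots, nil
}

// handshake runs one in-memory TLS handshake and returns the negotiated cipher
// suite name. A server-side failure reaches the client as a TLS alert.
func handshake(server, client *tls.Config) (string, error) {
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	defer sConn.Close()
	cConn.SetDeadline(time.Now().Add(5 * time.Second))
	sConn.SetDeadline(time.Now().Add(5 * time.Second))
	go tls.Server(sConn, server).Handshake()
	c := tls.Client(cConn, client)
	if err := c.Handshake(); err != nil {
		return "", err
	}
	return tls.CipherSuiteName(c.ConnectionState().CipherSuite), nil
}

func main() {
	srv, roots, err := legacyProxy()
	if err != nil {
		panic(err)
	}
	for _, insecure := range []bool{false, true} {
		suite, err := handshake(srv, clientConfig(insecure, roots))
		fmt.Printf("insecure=%v suite=%q err=%v\n", insecure, suite, err)
	}
}
```

Certificate verification is identical in both modes; only the set of cipher suites the client offers changes, so the relaxed client ends up on whatever weaker suite the proxy selects.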

Expanded exec operation metadata

Ever wondered what that exec session is about in lxc operation list?

Well, now LXD lets you find that out by looking at some extra metadata that's recorded as part of the exec operation.

stgraber@castiana:~$ lxc exec xenial -- sleep 30 &
[1] 25911

stgraber@castiana:~$ lxc operation list
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+
|                  ID                  |   TYPE    |    DESCRIPTION    | STATUS  | CANCELABLE |       CREATED        |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+
| 274ab284-ed07-4834-b3f5-6ec1d7cf3b74 | WEBSOCKET | Executing command | RUNNING | NO         | 2018/11/09 04:20 UTC |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+

stgraber@castiana:~$ lxc operation show 274ab284-ed07-4834-b3f5-6ec1d7cf3b74
id: 274ab284-ed07-4834-b3f5-6ec1d7cf3b74
class: websocket
description: Executing command
created_at: 2018-11-08T23:20:30.323852365-05:00
updated_at: 2018-11-08T23:20:30.323852365-05:00
status: Running
status_code: 103
resources:
  containers:
  - /1.0/containers/xenial
metadata:
  command:
  - bash
  environment:
    HOME: /root
    LANG: C.UTF-8
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
    TERM: xterm
    USER: root
  fds:
    "0": d79593f74c3e566987a3bdb109d2f4102aea5915ad344f64ea665082c1a3177e
    control: 0ed5ba645a9f6f0b2956282bba274ce015407a6309e1a9ec1a897fab0483d6fe
  interactive: true
may_cancel: false
err: ""

This records the command that was executed, its environment and whether it was run interactively or not.

Bugfixes

  • doc: add note about ignoring mount options
  • shared/idmap: test fcaps support
  • Add a few missing rows.Close() calls
  • lxd/patches: Profiles are in the cluster db
  • lxd/storage/ceph: Only freeze container if running
  • lxc: Only target if --target is passed
  • shared: Return decompressor in DetectCompression
  • lxd/containers: Don't return nil on Storage calls
  • tests: Fix mode of proxy.sh
  • shared/api: Don't re-define fields
  • lxd/storage/btrfs: Fix clearing quotas
  • lxd/containers: Also use apply_quota for CEPH
  • lxd/containers: Simplify and fix pool update logic
  • Add NodeIsOutdated() db API to check if a node is outdated
  • Trigger whatever is in the LXD_CLUSTER_UPDATE var if node is outdated
  • lxd/images: Add missing cleanup code
  • lxd/containers: Fix bad function name
  • tests: Avoid err == nil pattern
  • lxd: Don't mask database errors
  • Honor the CC environment variable when invoking go install
  • client: Avoid err == nil pattern
  • lxd/profiles: Don't list snapshots in UsedBy
  • Make database queries timeout after 10s if cluster db is unavail
  • tests: Fix pki with newer easyrsa
  • lxd/db: Fix internal DB test
  • doc: Fix and improve the description
  • operations: return true if operation is done before timeout
  • lxd/containers: Avoid root device name conflict
  • lxd/import: Add root disk if needed
  • global: Advertise rsync features
  • lxd/db: Use NoSuchObject consistently
  • proxy: Only log errors
  • lxd/import: Don't delete container on import failure
  • i18n: Update translation templates
  • Support --domain flag for lxc remote
  • Add configurable macaroon expiry
  • Support Candid domain validation
  • Update Candid docs
  • Update i18n
  • lxd: Rename API endpoints
  • network_linux: add netns_getifaddrs()
  • main_checkfeature: check kernel for netnsid support
  • network: add NetworkGetCounters()
  • container_lxc: switch to NetnsGetifaddrs()
  • shared: Add network state API
  • api: Add extended cluster join API
  • lxd/init: Fix struct conflict
  • lxc: Identify snapshots when listed
  • shared/version: Support detecting ChromeOS versions
  • lxd/containers: Force bring up of SRIOV parent
  • netns_getifaddrs: fix argument passing
  • netnsid_getifaddrs: fix check for netnsid support
  • doc: Fix storage API endpoints
  • container_lxc: handle network retrieval smarter
  • shared: Add storage volume snapshot support
  • client: Add storage volume snapshot support
  • netns_getifaddrs: don't print useless info
  • shared/api: Fix StorageVolumeSource struct
  • Makefile: Set LDFLAGS for dqlite
  • lxd: Fix handling of CGroup-V2 systems
  • tree-wide: pass -std=gnu11 -Wvla
  • lxd/containers: Rework exec FD handling
  • Added optional ?target= to /containers POST documentation
  • lxd/storage/lvm: Don't un-necessarily start/stop storage
  • lxd/storage/ceph: Don't un-necessarily mount snapshots
  • lxd/containers: Fix cleanup on create failure
  • shared/network: Don't crash on VPN devices
  • lxd/containers: Fix bad nvidia information parsing
  • netns_getifaddrs: fix network stats retrieval
  • network: Fix counters on non-ethernet interfaces
  • doc: Add configuration for readthedocs
  • storage: Fix error strings
  • lxd/storage/btrfs: Don't fail deleting pools on missing disk
  • Split code in 2 separate files
  • network: provide #ifdefs for RTM_* requests
  • Document LVM support for storage quotas
  • candid: Cleanup code a bit
  • network: fix netns_get_nsid() signature
  • apparmor: Allow cgroupv2 in cgns
  • candid: Fix client when using https candid server
  • lxd-p2c: Fix static build
  • config: Add support for PEM encrypted keys
  • lxc: Setup password helper
  • lxc/config: Only setup needed connection args
  • lxc/config: More TLS optimizations
  • i18n: Update translation templates
  • macro: add SOL_NETLINK
  • macro: add NETLINK_DUMP_STRICT_CHK
  • netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
  • Fix Potential Event Race
  • devices: Fix bad disk limits
  • Fix root disk limits on container startup
  • checkfeature: Rework structure
  • checkfeature: simplify is_netnsid_aware() check
  • checkfeature: Avoid double line break
  • checkfeature: dial logging down from to debug
  • lxc/progress: Add terminal detection
  • doc: Rework backup documentation
  • client: Add GetNetworkState
  • client: Add extended cluster join API
  • client: Add UseProject
  • shared/api: Add projects
  • client: Add support for projects
  • lxc/config: Add support for projects
  • Change query.SelectObjects signature to support a prepared statement
  • Add query.SelectURIs convenience for getting API resource URIs
  • Add cluster statements registry
  • api: Add Project.Config reference
  • Improve some error messages around container creation
  • Lookup for the "target" API parameter only in the URL query string
  • Automatically add ?project=x query param to image server
  • Improve error reporting when creating a container
  • Change ContainerStorageRead() to take a container object instead of its name
  • Improve error messages around LVM volume creation
  • Change Storage.ContainerUmount to accept a container vs a container name
  • lxd/init: Update for current client package
  • lxc/progress: Don't print empty lines
  • candid: Improve domain validation and pubkey
  • lxd/images: Fix parsing of public property
  • client: Always use the "do()" wrapper
  • client: Fix URLs with missing project/target
  • Improve error messages
  • lxd/containers: Fix cluster shutdown
  • i18n: Update Japanese translation
  • idmap: use global variable for vfs3 fcaps support
  • checkfeature: check for vfs3 fscaps support
  • lxd/db: Fix bad limits.cpu
  • shared: Add limits.cpu validator
  • doc: add the appropriate titles to some documents
  • shared/network: Allow TLS1.3
  • global: Implement LXD_INSECURE_TLS env variable
  • netns_getifaddrs: simplify
  • Fix bad check for recursive mounts
  • Prevent event listeners from lying around even after Disconnect()
  • client: Support creating project-bound container using an image on another node
  • client: Filter lifecycle and operations events by project
  • client: Make container backups code honor projects
  • client: Make GET /profiles return only profiles for the project
  • Bump Go versions and use '.x' to always get latest patch versions
  • Update build instruction
  • doc: Bump to 1.10 or higher everywhere
  • Don't expire lxd.log by accident
  • lxd/storage: Fix importing preseed dump
  • lxd/migration: Use current idmap instead of next
  • lxd/db: Send raft/dqlite logging to debug
  • lxd/daemon: Clarify early logging
  • checkfeature: Don't log error on missing feature
  • lxd/daemon: Improve logging of inherited fds
  • shared/logging: Improve logfile output
  • lxd/daemon: Don't mention MAAS unless configured
  • exec: Expose command, env and mode in metadata
  • client: Fix cancelation of image download
  • Detect and shrink large boltdb files
  • lxd/daemon: Fix build
  • loop: retry on EBUSY
  • lxd/storage: Improve loop device errors
  • lxd/containers: Detect root disk pool changes
  • doc: Update cloud-init network documentation
  • client: Fix error handling in operations
  • lxd/containers: Prevent duplicate profiles
  • lxc/copy: --container-only is meaningless for snapshots
  • shared/api: Add support for incremental container copy
  • client: Add support for incremental container copy
  • doc: Add kernel.keys.maxkeys to production-setup
  • lxd/storage/dir: Don't fail when quota are set
  • lxd: Handle AppArmor policy cache directory
  • test: Support AppArmor policy cache directory
  • lxd/containers: Respect optional=true for disks
  • use empty usb vendorid to pass through all usb devices
  • doc: Add usb_optional_vendorid API extension
  • lxc/image: Fix rootfs file handling on snap
  • lxd/containers: Properly clear static leases
  • shared/api: Support copy between projects
  • client: Support copy between projects
  • lxc/config: Allow overriding the current project
  • rsync: Tweak transfer options (delete & compress)
  • lxd/daemon: Improve logging of kernel features
  • lxd: Register background tasks as operations
  • lxc: Switch all progress op handling to cancelable
  • Increase go-dqlite client timeout when not-clustered
  • lxd: Rework task handling
  • lxd/migration: Fix CRIU rsync option negotiation
  • lxd/storage/btrfs: Tweak errors
  • lxd/init: Better handle disk sizes
  • lxd/db: Avoid un-needed query on container move
  • i18n: Update translation templates
  • Add StorageVolumeIsAvailable to check if a Ceph volume can be attached
  • Wire StorageVolumeIsAvailable to containerValidDevices
  • Add integration test

Support and upgrade

LXD 3.0.3 is supported until June 2023 and is our current LTS release; users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXD 3.7 has been released

9th of November 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.7!

We started off this release cycle by fixing a number of issues and edge cases surrounding our recently introduced projects feature as more and more of our users started making use of it.

But that's not to say that we've spent the entire past month fixing bugs: LXD 3.7 also debuts support for container refreshes, got a few tweaks to our TLS setup, improved exec operations and an extra VXLAN configuration key.

On top of the project fixes, we've also done a number of improvements to our database, logging and fixed quite a few other bugs.

New features

Container refresh

It is now possible to tell LXD to refresh a container based on another container, either locally or remotely. On the command line, this is controlled by a new --refresh argument to lxc copy.

This can be used to set up a backup LXD server that will then get regular updates from production servers, keeping the containers and their snapshots in sync until such time as they need to be restored or just started from the backup server.

The initial copy uses our usual migration code. Subsequent refreshes then compare the list of snapshots, delete any snapshot which was removed from the source or which appears to have been changed, and then sync the missing snapshots and container state using rsync.

Switch default key type to EC384

LXD has always used RSA4096 as the algorithm and key strength of choice for its private keys. This has unfortunately caused a number of issues on some CPU architectures where RSA can get very slow.

The switch to using an elliptic-curve key by default fixes that issue by considerably reducing the generation time without compromising on private key security.

Note that this is only used for newly generated keys; existing users will keep using their RSA private keys. It's also worth noting that LXD will happily let you generate your own private key and certificate and just put them into place on the filesystem for it to use.

New environment variable to control cipher selection

While all our own image servers and internal communications support modern ciphers, it's been brought to our attention that some corporate environments intercept TLS traffic through their proxy and, using a company CA, terminate the TLS connection on the proxy to inspect the traffic.

This would work fine so long as the company CA is trusted on the system and LXD is configured to use the company proxy. Unfortunately, it appears that many such proxies also do not support the modern ciphers that LXD requires, effectively causing all outgoing TLS connections to fail.

For those environments, we have now added a new LXD_INSECURE_TLS environment variable which is respected by both lxd and lxc and instructs LXD to relax its cipher requirements, using the default TLS settings from Go rather than our restricted set of trusted ciphers.

Added metadata to exec operations

Ever wondered what that exec session is about in lxc operation list?

Well, now LXD lets you find that out by looking at some extra metadata that's recorded as part of the exec operation.

stgraber@castiana:~$ lxc exec xenial -- sleep 30 &
[1] 25911

stgraber@castiana:~$ lxc operation list
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+
|                  ID                  |   TYPE    |    DESCRIPTION    | STATUS  | CANCELABLE |       CREATED        |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+
| 274ab284-ed07-4834-b3f5-6ec1d7cf3b74 | WEBSOCKET | Executing command | RUNNING | NO         | 2018/11/09 04:20 UTC |
+--------------------------------------+-----------+-------------------+---------+------------+----------------------+

stgraber@castiana:~$ lxc operation show 274ab284-ed07-4834-b3f5-6ec1d7cf3b74
id: 274ab284-ed07-4834-b3f5-6ec1d7cf3b74
class: websocket
description: Executing command
created_at: 2018-11-08T23:20:30.323852365-05:00
updated_at: 2018-11-08T23:20:30.323852365-05:00
status: Running
status_code: 103
resources:
  containers:
  - /1.0/containers/xenial
metadata:
  command:
  - bash
  environment:
    HOME: /root
    LANG: C.UTF-8
    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
    TERM: xterm
    USER: root
  fds:
    "0": d79593f74c3e566987a3bdb109d2f4102aea5915ad344f64ea665082c1a3177e
    control: 0ed5ba645a9f6f0b2956282bba274ce015407a6309e1a9ec1a897fab0483d6fe
  interactive: true
may_cancel: false
err: ""

This records the command that was executed, its environment and whether it was run interactively or not.
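The metadata shown above is useful for auditing, but the environment values and the fds entries are sensitive. The following is an added example, not LXD's own code: it assumes the operations have been collected as a JSON array with the same field names as the YAML above, and the sample input, the ExecAudit type and the shell list are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"sort"
)

// sampleOperations is constructed for this example: the exec operation shown
// above rendered as JSON (fd secrets replaced), a made-up image download task
// and a made-up non-interactive exec carrying a credential in its environment.
const sampleOperations = `[
 {"id":"274ab284-ed07-4834-b3f5-6ec1d7cf3b74","class":"websocket",
  "description":"Executing command",
  "resources":{"containers":["/1.0/containers/xenial"]},
  "metadata":{"command":["bash"],
   "environment":{"HOME":"/root","TERM":"xterm","USER":"root"},
   "fds":{"0":"constructed-secret-a","control":"constructed-secret-b"},
   "interactive":true}},
 {"id":"00000000-0000-0000-0000-000000000001","class":"task",
  "description":"Downloading image",
  "metadata":{"download_progress":"rootfs: 42%"}},
 {"id":"00000000-0000-0000-0000-000000000002","class":"websocket",
  "description":"Executing command",
  "resources":{"containers":["/1.0/containers/xenial"]},
  "metadata":{"command":["/usr/bin/env","sleep","30"],
   "environment":{"API_TOKEN":"constructed-secret-c","USER":"root"},
   "fds":{"0":"constructed-secret-d"},"interactive":false}}
]`

type operation struct {
	ID          string              `json:"id"`
	Class       string              `json:"class"`
	Description string              `json:"description"`
	Resources   map[string][]string `json:"resources"`
	Metadata    json.RawMessage     `json:"metadata"` // shape differs per operation type
}

// execMetadata leaves out "fds" on purpose so the websocket secrets are
// never decoded into memory that might later be logged.
type execMetadata struct {
	Command     []string          `json:"command"`
	Environment map[string]string `json:"environment"`
	Interactive bool              `json:"interactive"`
}

// ExecAudit is what gets logged for one exec session. Environment values are
// dropped; only the variable names are kept.
type ExecAudit struct {
	ID               string
	Containers       []string
	Command          []string
	Interactive      bool
	InteractiveShell bool     // interactive session whose argv[0] is a shell
	EnvKeys          []string // variable names only, sorted
}

// shells is an illustrative list, not an exhaustive one.
var shells = map[string]bool{"sh": true, "bash": true, "dash": true, "zsh": true}

// AuditExecOperations keeps only exec operations and returns a redacted
// record for each of them.
func AuditExecOperations(raw []byte) ([]ExecAudit, error) {
	var ops []operation
	if err := json.Unmarshal(raw, &ops); err != nil {
		return nil, fmt.Errorf("decode operations: %w", err)
	}
	var out []ExecAudit
	for _, op := range ops {
		if op.Class != "websocket" || op.Description != "Executing command" {
			continue // other operation types carry unrelated metadata
		}
		var md execMetadata
		if len(op.Metadata) > 0 { // servers without this feature only send fds
			if err := json.Unmarshal(op.Metadata, &md); err != nil {
				return nil, fmt.Errorf("operation %s: %w", op.ID, err)
			}
		}
		a := ExecAudit{ID: op.ID, Containers: op.Resources["containers"],
			Command: md.Command, Interactive: md.Interactive}
		if md.Interactive && len(md.Command) > 0 {
			a.InteractiveShell = shells[path.Base(md.Command[0])]
		}
		for k := range md.Environment {
			a.EnvKeys = append(a.EnvKeys, k)
		}
		sort.Strings(a.EnvKeys)
		out = append(out, a)
	}
	return out, nil
}

func main() {
	audits, err := AuditExecOperations([]byte(sampleOperations))
	if err != nil {
		panic(err)
	}
	for _, a := range audits {
		fmt.Printf("%s containers=%v argv=%q interactive=%t shell=%t env=%v\n",
			a.ID, a.Containers, a.Command, a.Interactive, a.InteractiveShell, a.EnvKeys)
	}
}
```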

New VXLAN TTL configuration key

A new tunnel.NAME.ttl key has been added to LXD managed bridges. This lets you configure the TTL to use for multicast VXLAN tunnels (default is 1).

Bugs fixed

  • backup: Allow backups to not expire
  • client: Always use the "do()" wrapper
  • client: Fix cancelation of image download
  • client: Fix error handling in operations
  • client: Fix URLs with missing project/target
  • doc: Add the appropriate titles to some documents
  • doc: Bump to 1.10 or higher everywhere
  • doc: Update build instruction
  • doc: Update cloud-init network documentation
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Switch all progress op handling to cancelable
  • lxc/copy: --container-only is meaningless for snapshots
  • lxd: Register background tasks as operations
  • lxd: Remove expired container backups
  • lxd: Rework task handling
  • lxd/backups: Set default expiry for backups
  • lxd/checkfeature: Check for vfs3 fscaps support
  • lxd/checkfeature: Don't log error on missing feature
  • lxd/containers: Add ContainerListExpanded to load containers and expand their configs/devices
  • lxd/containers: Associate a container with the profile from its own project
  • lxd/containers: Consider the container's project when loading profiles
  • lxd/containers: Detect root disk pool changes
  • lxd/containers: Expand container devices and configs from the associated project
  • lxd/containers: Fix bad check for recursive mounts
  • lxd/containers: Fix cluster shutdown
  • lxd/containers: Fix lxc exec when using a container inside a project
  • lxd/containers: Fix missing project in args
  • lxd/containers: Improve error messages
  • lxd/containers: Make containers on other nodes visible also in the non-default project
  • lxd/containers: Prefix the container name with the project name when invoking forkconsole
  • lxd/containers: Prevent duplicate profiles
  • lxd/containers: Use liblxc mount injection api
  • lxd/daemon: Clarify early logging
  • lxd/daemon: Don't expire lxd.log by accident
  • lxd/daemon: Don't mention MAAS unless configured
  • lxd/daemon: Improve logging of inherited fds
  • lxd/daemon: Improve logging of kernel features
  • lxd/db: Add logic to the db package to expand devices
  • lxd/db: Add logic to the db package to load and expand profiles
  • lxd/db: Detect and shrink large boltdb files
  • lxd/db: Fix bad limits.cpu in test
  • lxd/db: Fix listing container backups
  • lxd/db: Increase database timeout when creating indexes in db update 12
  • lxd/db: Increase go-dqlite client timeout when not-clustered
  • lxd/db: Make the db mapper code generator handle compound natural keys
  • lxd/db: Sanitize references to containers table
  • lxd/db: Send raft/dqlite logging to debug
  • lxd/db: Speed up execution of update from v11 of the db
  • lxd/db: Wire expand config logic from the db package
  • lxd/db: Wire expand devices logic from the db package
  • lxd/events: Prevent event listeners from lying around even after Disconnect()
  • lxd/images: Auto-update images also in projects other than the default one
  • lxd/images: Avoid downloading an image twice if it's already in another project
  • lxd/images: Link an image to a project when downloading it to init a container
  • lxd/images: Support creating project-bound container using an image on another node
  • lxd/main_forkmount: Use pkg-config
  • lxd/main_forknet: Simplify getifaddrs
  • lxd/migration: Use current idmap instead of next
  • lxd/networks: Include containers from all projects in the UsedBy field of a network
  • lxd/patches: Add missing transition for symlinks
  • lxd/profiles: Fix project-aware URIs in the UsedBy field of api.Profile
  • lxd/projects: Fix clustered exec/console
  • lxd/projects: Fix profile updates
  • lxd/projects: Propagate events about all projects to all cluster nodes
  • lxd/projects: Re-create the project default profile when turning on the project profiles feature
  • lxd/storage: Add StorageVolumeIsAvailable to check if a Ceph volume can be attached
  • lxd/storage: Destroy the correct ZFS volume when deleting a container in a project
  • lxd/storage: Fix importing preseed dump
  • lxd/storage: Improve loop device errors
  • lxd/storage: Make custom volumes visible from non-default projects
  • lxd/storage: Retry loop device allocation on EBUSY
  • lxd/storage: Wire StorageVolumeIsAvailable to containerValidDevices
  • rsync: Tweak transfer options (introduce delete & compress)
  • scripts: Add 'project' to bash completion
  • shared: Add limits.cpu validator
  • shared/idmap: Use global variable for vfs3 fcaps support
  • shared/logging: Improve logfile output
  • shared/network: Allow TLS1.3
  • tests: Add integration test for CEPH cross-node volumes
  • tests: Small unrelated cleanup in projects integration test
  • travis: Bump Go versions and use '.x' to always get latest patch versions

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.6 has been released

11th of October 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.6!

This is a rather feature-packed release with a variety of new configuration options as well as big features like LXD projects and the ability to snapshot/restore custom storage volumes.

New features

Introducing LXD projects

LXD projects let you effectively split your LXD server. Each project has its own list of containers and can also have its own profiles and images.

You can define as many projects as you want and easily switch between them with lxc project switch.

Newly created projects have all features enabled, meaning that at this point, they will be able to hold:

  • containers
  • images
  • profiles

When some of those features are disabled, they simply inherit from the default project.

For example, let's create a new project which only holds containers and then start a container inside it:

stgraber@castiana:~$ lxc list
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+
|    NAME     |  STATE  |         IPV4         |                     IPV6                     |    TYPE    | SNAPSHOTS |
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+
| centos3     | STOPPED |                      |                                              | PERSISTENT |           |
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+
| centos4     | STOPPED |                      |                                              | PERSISTENT |           |
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+
| snapcraft   | RUNNING | 10.166.11.213 (eth0) | 2001:470:b368:4242:216:3eff:fe77:c7f8 (eth0) | PERSISTENT | 1         |
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+
| tutorials   | RUNNING | 172.17.0.1 (docker0) | 2001:470:b368:4242:216:3eff:fea7:1816 (eth0) | PERSISTENT |           |
+-------------+---------+----------------------+----------------------------------------------+------------+-----------+

stgraber@castiana:~$ lxc project list
+-------------------+--------+----------+---------+
|       NAME        | IMAGES | PROFILES | USED BY |
+-------------------+--------+----------+---------+
| default (current) | YES    | YES      | 19      |
+-------------------+--------+----------+---------+

stgraber@castiana:~$ lxc project create demo -c features.images=false -c features.profiles=false
Project demo created
stgraber@castiana:~$ lxc project switch demo

stgraber@castiana:~$ lxc list
+------+-------+------+------+------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+-------+------+------+------+-----------+

stgraber@castiana:~$ lxc launch ubuntu:18.04 c1
Creating c1
Starting c1

stgraber@castiana:~$ lxc list
+------+---------+----------------------+----------------------------------------------+------------+-----------+
| NAME |  STATE  |         IPV4         |                     IPV6                     |    TYPE    | SNAPSHOTS |
+------+---------+----------------------+----------------------------------------------+------------+-----------+
| c1   | RUNNING | 10.166.11.147 (eth0) | 2001:470:b368:4242:216:3eff:fef6:58a8 (eth0) | PERSISTENT |           |
+------+---------+----------------------+----------------------------------------------+------------+-----------+

Custom storage volume snapshots

It is now possible to create and manage snapshots on your custom storage volumes.

stgraber@castiana:~$ lxc storage volume create default data
Storage volume data created
stgraber@castiana:~$ lxc storage volume snapshot default data my-snapshot
stgraber@castiana:~$ lxc storage volume list default
+----------------------+------------------------------------------------------------------+-------------+---------+
|         TYPE         |                               NAME                               | DESCRIPTION | USED BY |
+----------------------+------------------------------------------------------------------+-------------+---------+
| container            | centos3                                                          |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| container            | centos4                                                          |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| container            | snapcraft                                                        |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| container            | tutorials                                                        |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| container (snapshot) | snapcraft/snap0                                                  |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| custom               | data                                                             |             | 0       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| custom (snapshot)    | data/my-snapshot                                                 |             | 0       |
+----------------------+------------------------------------------------------------------+-------------+---------+
| image                | 0381c3c01c04b937579e0f055f5378a548eefcc18dd928249d4752ac47a6aa08 |             | 1       |
+----------------------+------------------------------------------------------------------+-------------+---------+
stgraber@castiana:~$ lxc storage volume restore default data my-snapshot
stgraber@castiana:~$

New volumes may also be created by copying a snapshot.

New NVIDIA configuration options

This introduces a few extra config keys when using nvidia.runtime and the libnvidia-container library. Those keys translate pretty much directly to the matching nvidia-container environment variables:

  • nvidia.driver.capabilities = NVIDIA_DRIVER_CAPABILITIES
  • nvidia.require.cuda = NVIDIA_REQUIRE_CUDA
  • nvidia.require.driver = NVIDIA_REQUIRE_DRIVER

More details about those can be found here

New columns in lxc list and lxc image list

New columns have been added to lxc list to show the image that was used to create the container. The f column shows the short hash, the F column shows the full hash.

stgraber@castiana:~$ lxc list -c nfF
+-------------+--------------+------------------------------------------------------------------+
|    NAME     |  BASE IMAGE  |                            BASE IMAGE                            |
+-------------+--------------+------------------------------------------------------------------+
| centos3     | 3265a2551f2a | 3265a2551f2a8b3a08896f0a5b487bc4fa1d2a71fee3220b2077b8a4850d8f7a |
+-------------+--------------+------------------------------------------------------------------+
| centos4     | d22c637f6420 | d22c637f6420570b0b6d5a4ad687672a59d6f13acd19ad07901a47469ea78137 |
+-------------+--------------+------------------------------------------------------------------+
| snapcraft   | 3e50ba589426 | 3e50ba589426c21f26370e2f949f30210f2d0419fbb9d4d4a0f860a035373353 |
+-------------+--------------+------------------------------------------------------------------+
| tutorials   | d72ae2e5073f | d72ae2e5073f20450c5260e6f227484c23452a46c6bb553ffe6be55e48602bb4 |
+-------------+--------------+------------------------------------------------------------------+

And similarly, an F column was added to lxc image list.

stgraber@castiana:~$ lxc image list -c fFd
+--------------+------------------------------------------------------------------+---------------------------------------------+
| FINGERPRINT  |                           FINGERPRINT                            |                 DESCRIPTION                 |
+--------------+------------------------------------------------------------------+---------------------------------------------+
| 5ceb96c7eb29 | 5ceb96c7eb29ed3bf971cca95e4f9c7c95b7fcb1528e2733fca143e3908a384d | ubuntu 18.10 amd64 (daily) (20181010)       |
+--------------+------------------------------------------------------------------+---------------------------------------------+
| c966933fdfd3 | c966933fdfd390d301fed3447528e2f910bf72c0615b2caaf3235a791fed3541 | ubuntu 16.04 LTS amd64 (release) (20181004) |
+--------------+------------------------------------------------------------------+---------------------------------------------+
| d72ae2e5073f | d72ae2e5073f20450c5260e6f227484c23452a46c6bb553ffe6be55e48602bb4 | ubuntu 18.04 LTS amd64 (release) (20181003) |
+--------------+------------------------------------------------------------------+---------------------------------------------+
| ef20901f9494 | ef20901f94946ebe05e05c63f54fda8e366ca47677b55e9c021527065c11459c | ubuntu 16.04 LTS i386 (release) (20181004)  |
+--------------+------------------------------------------------------------------+---------------------------------------------+

Basic support for CGroupV2-only systems

On systems that only have CGroupV2 enabled, LXD will now start properly and most container operations will work as expected.

Note that resource limits on CGroupV2-only systems will not be applied at this time. Getting to feature parity with CGroupV1 will need quite a lot more work.

New security.unmapped storage volume property

A new security.unmapped property has been added to the storage volumes. This effectively allows you to attach a custom volume to a first container, letting LXD remap it for you, then set that property and attach it to as many other containers as you want even if they have mismatching uid/gid maps.

Without this property set, LXD refuses to attach the volume because of the uid/gid mismatch. With it set, it becomes the user's problem to either use pretty wide open file permissions to allow access or set up some POSIX ACLs for the various containers.

Support for PEM encrypted client key

For added security, LXD now supports PEM encrypted keys. This means that you can now manually encrypt your ~/.config/lxc/client.crt using openssl and LXD will then prompt you for the password as needed.

stgraber@castiana:~$ lxc project list s-vorash:
Password for client.crt: 
+-------------------+--------+----------+---------+
|       NAME        | IMAGES | PROFILES | USED BY |
+-------------------+--------+----------+---------+
| default (current) | YES    | YES      | 28      |
+-------------------+--------+----------+---------+
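The 3.7 note on generating your own EC384 key and certificate and the PEM encryption described here can be exercised together. This is an added example, not LXD's own code: it assumes the traditional OpenSSL PEM encryption format (Proc-Type/DEK-Info headers) handled by Go's crypto/x509, and the common name and passphrase are constructed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// GenerateClientCert returns a self-signed client certificate and its P-384
// private key, both PEM encoded. The common name is a caller-chosen label.
func GenerateClientCert(commonName string, validFor time.Duration) (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             now.Add(-time.Minute), // tolerate small clock skew
		NotAfter:              now.Add(validFor),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

// EncryptKeyPEM wraps a plain PEM key in legacy password-based PEM encryption
// with AES-256. Go marks these helpers deprecated because the format does not
// authenticate the ciphertext, so file permissions still matter.
func EncryptKeyPEM(keyPEM, password []byte) ([]byte, error) {
	block, _ := pem.Decode(keyPEM)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	enc, err := x509.EncryptPEMBlock(rand.Reader, block.Type, block.Bytes, password, x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(enc), nil
}

// LoadKey parses an EC key, decrypting it first when the PEM headers say it
// is encrypted. A wrong password fails either at decryption or at parsing.
func LoadKey(keyPEM, password []byte) (*ecdsa.PrivateKey, error) {
	block, _ := pem.Decode(keyPEM)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	der := block.Bytes
	if x509.IsEncryptedPEMBlock(block) {
		var err error
		if der, err = x509.DecryptPEMBlock(block, password); err != nil {
			return nil, fmt.Errorf("decrypt key: %w", err)
		}
	}
	return x509.ParseECPrivateKey(der)
}

func main() {
	pass := []byte("constructed-passphrase") // sample value for the demo
	certPEM, keyPEM, err := GenerateClientCert("example-client", 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	enc, err := EncryptKeyPEM(keyPEM, pass)
	if err != nil {
		panic(err)
	}
	key, err := LoadKey(enc, pass)
	if err != nil {
		panic(err)
	}
	fmt.Printf("certificate: %d bytes, key curve: %s\n", len(certPEM), key.Curve.Params().Name)
}
```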

Uevent injection for USB devices

On very recent kernels, containers that have USB devices set up in LXD will now get add/remove and bind/unbind uevents forwarded to them, allowing for the use of udev rules and other software that listen for uevents.

Here is an example of a phone getting plugged in:

stgraber@castiana:~$ lxc exec tutorials udevadm monitor
monitor will print the received events for:
UDEV - the event which udev sends out after rule processing
KERNEL - the kernel uevent

KERNEL[894420.794945] add      /devices/pci0000:00/0000:00:1d.0/0000:06:00.0/0000:07:02.0/0000:3c:00.0/usb3/3-1/3-1.1/3-1.1.4/3-1.1.4.1 (usb)
UDEV  [894420.796425] add      /devices/pci0000:00/0000:00:1d.0/0000:06:00.0/0000:07:02.0/0000:3c:00.0/usb3/3-1/3-1.1/3-1.1.4/3-1.1.4.1 (usb)
KERNEL[894420.809028] bind     /devices/pci0000:00/0000:00:1d.0/0000:06:00.0/0000:07:02.0/0000:3c:00.0/usb3/3-1/3-1.1/3-1.1.4/3-1.1.4.1 (usb)
UDEV  [894420.810630] bind     /devices/pci0000:00/0000:00:1d.0/0000:06:00.0/0000:07:02.0/0000:3c:00.0/usb3/3-1/3-1.1/3-1.1.4/3-1.1.4.1 (usb)

Optimized retrieval of network information

Support for a set of upcoming netlink APIs has been added to LXD. With those, it is now possible to retrieve all container network information without requiring the use of subprocesses and without having to switch between namespaces.

On systems with a kernel supporting those new APIs, we can observe up to 40% performance improvement in lxc list.

Bugs fixed

  • client: Fix client when using HTTPs candid server
  • client: Fix Potential Event Race
  • doc: Add configuration for readthedocs
  • doc: Added optional ?target= to /containers POST documentation
  • doc: Document LVM support for storage quotas
  • doc: Fix storage API endpoints
  • doc: Rework backup documentation
  • global: Pass -std=gnu11 -Wvla
  • i18n: Update translations from weblate
  • lxc/config: More TLS optimizations
  • lxc/config: Only setup needed connection args
  • lxc/import: Fix error handling
  • lxc/progress: Add terminal detection
  • lxc/progress: Don't print empty lines
  • lxc/storage: Identify snapshots when listed
  • lxd: Fix handling of CGroup-V2 systems
  • lxd: Lookup for the "target" API parameter only in the URL query string
  • lxd/candid: Cleanup code a bit
  • lxd/candid: Improve domain validation and pubkey
  • lxd/containers: Fix bad nvidia information parsing
  • lxd/containers: Fix cleanup on create failure
  • lxd/containers: Fix root disk limits on container startup
  • lxd/containers: Force bring up of SRIOV parent
  • lxd/containers: Improve error reporting when creating a container
  • lxd/containers: Improve some error messages around container creation
  • lxd/containers: Rework exec FD handling
  • lxd/containers: Use the ID field from db.Container directly
  • lxd/db: Add cluster statements registry
  • lxd/db: Add query.SelectURIs convenience for getting API resource URIs
  • lxd/db: Change query.SelectObjects signature to support a prepared statement
  • lxd/db: More efficient profile delete API handler
  • lxd/db: Switch over to code generation
  • lxd/db: Use ClusterTx.ProfileDelete instead of Cluster.ProfileDelete
  • lxd/db: Use ClusterTx.ProfileRename instead of Cluster.ProfileUpdate
  • lxd/db: Use tx.ProfileCreate() instead of db.ProfileCreate()
  • lxd/devices: Fix bad disk limits
  • lxd/images: Fix parsing of public property
  • lxd/nvidia: Default to compute,utility
  • lxd-p2c: Fix static build
  • lxd/storage/btrfs: Don't fail deleting pools on missing disk
  • lxd/storage/ceph: Don't un-necessarily mount snapshots
  • lxd/storage: Change ContainerStorageReady() to take a container struct
  • lxd/storage: Change ContainerUmount to accept a container struct
  • lxd/storage: Fix some storage URLs in API
  • lxd/storage/lvm: Don't un-necessarily start/stop storage
  • lxd/storage/lvm: Improve error messages around LVM volume creation
  • Makefile: Set LDFLAGS for dqlite
  • shared/network: Don't crash on VPN devices
  • shared/version: Support detecting ChromeOS versions
  • storage: Fix error strings

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.5 has been released

12th of September 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.5!

You'll no doubt notice the smaller than usual feature changes. That's explained by the beginning of conference season as well as some of our ongoing work being so large that it won't fit in a single release cycle and so will land in the LXD 3.6 or 3.7 timeframe.

This release still contains a number of welcome improvements, especially for those cluster and enterprise users as well as a good number of bugfixes and performance improvements.

New features

Additional configuration options for external Candid authentication

Candid external authentication was extended to support multiple domains and to provide a configurable expiry for the authentication tokens (defaulting to 1h).

This allows administrators in large organizations to choose what Candid domains will be allowed on a particular LXD server and configure exactly how long a user will be trusted before having to renew their authentication token with Candid.

The relevant configuration keys are:

  • candid.domains (comma-separated list of domains, defaults to allowing all)
  • candid.expiry (token expiry in seconds, defaults to 3600)

--quiet option in the command line client

Users of the lxc command from scripts will be happy to hear that we've finally introduced a --quiet option which will silence all progress information and limit output to error messages.

Configurable compression for backups

We reworked the way backups are stored and handled quite a bit in this LXD release. Most of this won't be visible in day to day operations, other than making retrieving backups significantly faster and using much less memory.

One thing that is visible however is a new configuration option to control what compression to apply to backups.

The new configuration key is:

  • backups.compression_algorithm (defaults to "gzip")

Hook to handle cluster-wide release updates

A common issue with LXD clusters is the requirement that all nodes run the same LXD version and have a matching set of API extensions and DB schema.

When any node goes ahead of the rest, all database operations are held back until the remainder of the nodes are upgraded.

As we're talking about a number of separate machines, coordinating that upgrade may be a bit tricky and in the case of the LXD snap, could take up to 24h without user intervention.

To improve this, we introduced a new LXD_CLUSTER_UPDATE environment variable which packagers can set, pointing it to a script which will update the local LXD daemon through the relevant package manager. When LXD detects that another node is now ahead of itself, it will call this script which will then update the local LXD and have it match.

Bugs fixed

  • client: Avoid err == nil pattern
  • doc: Add example of exec with record-output
  • doc: Add note about ignoring mount options
  • doc: Fix and improve the description
  • global: Advertise rsync features
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Only target if --target is passed
  • lxc/export: Don't crash on failure to delete backup
  • lxd: Don't mask database errors
  • lxd/api: Sort list of endpoints
  • lxd/backups: Rework to behave as intended
  • lxd/cluster: Consider pending containers when placing a new container
  • lxd/cluster: Make database queries timeout after 10s
  • lxd/containers: Also use apply_quota for CEPH
  • lxd/containers: Avoid root device name conflict
  • lxd/containers: Don't return nil on Storage calls
  • lxd/containers: Fix bad function name
  • lxd/containers: Simplify and fix pool update logic
  • lxd/db: Add a few missing rows.Close() calls
  • lxd/db: Add NodeIsOutdated() db API to check if a node is outdated
  • lxd/db: Add type column to operations table
  • lxd/db: Fix internal DB test
  • lxd/db: Use NoSuchObject consistently
  • lxd/devices: Iterate /sys/class/drm for GPUs
  • lxd/forkdns: Properly rewrite answer
  • lxd/images: Add missing cleanup code
  • lxd/import: Add root disk if needed
  • lxd/import: Don't delete container on import failure
  • lxd/operations: Fill the type column when creating a new operation
  • lxd/operations: Return true if operation is done before timeout
  • lxd/patches: Profiles are in the cluster db
  • lxd/profiles: Don't list snapshots in UsedBy
  • lxd/proxy: Fix unix socket paths in snap
  • lxd/proxy: Only log errors
  • lxd/storage/btrfs: Fix clearing quotas
  • lxd/storage/ceph: Only freeze container if running
  • Makefile: Honor the CC environment variable when invoking go install
  • scripts: Update auto-complete
  • shared/api: Don't re-define fields
  • shared/idmap: Test for fscaps support
  • shared: Return decompressor in DetectCompression
  • tests: Always pass --force to stop
  • tests: Avoid err == nil pattern
  • tests: Fix mode of proxy.sh
  • tests: Fix pki with newer easyrsa

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.0.2 has been released

21st of August 2018

Introduction

The LXD team is pleased to announce the release of LXD 3.0.2!

As a stable bugfix release, no major changes have been done, instead focusing on bugfixes and minor usability improvements.

Highlights

Fixed container snapshot and backup naming

In the past, the name property of all snapshots and backups included the container name followed by a slash and then by the snapshot or backup name.

This was redundant given that you could only get this information by querying a particular container.

The API now only returns the snapshot or backup name but LXD still understands the old syntax to allow for migrations and restoring of existing backups.

Switched to a newer implementation of dqlite

dqlite, the distributed sqlite3 implementation that we started using for LXD in LXD 3.0, has been significantly reworked to remove a number of performance bottlenecks.

Most of the database logic is now done inside a C library (libdqlite) with a matching Go package (go-dqlite) providing the SQL interface for LXD.

The on-disk format remains unchanged, so there's no risky upgrade step for this but packagers need to be aware of the new library and package it with LXD.

File capabilities support

All calls to tar and rsync now pass the required options to save and restore extended attributes, including file capabilities.

On top of that, we've implemented logic in our idmap package to shift and unshift files that include file capabilities, using the recently introduced unprivileged file capabilities.

On suitable kernels (upstream 4.14+) this will now allow LXD images to include file capabilities for utilities such as ping or mtr and have users of privileged or unprivileged containers alike be able to set and use those capabilities.

Progress information in lxc file and lxc import

Transferring files or uploading a backup to LXD will now get you progress information. When available, you'll get the percentage transferred and current speed; when the size is unknown, you'll still get how much was transferred and the transfer speed.

Bugfixes

  • container: containerCreateAsCopy() update pool
  • forkmount: ignore ENOENT and EINVAL on umount2()
  • nsexec: simplify attach_userns()
  • Fall back to alternate way of detecting minor version of Nvidia driver if needed
  • lxd/maas: Make error more readable
  • lxd-p2c: Send rsync output to stderr
  • lxd/migration: Don't pass -vP to a hidden rsync
  • lxc: Properly handle --target in copy and move
  • memory: fix format string
  • lxc/move: Support config and profile overrides
  • i18n: Update translation templates
  • exec: fix format string
  • images: fix format string
  • migrate: remove debug residuals
  • lvm: fix format string
  • db: fix format string
  • nsexec: prevent fd leak
  • Fix the storage_pool_id filter from the WHERE clause of StoragePoolsConfig
  • Fix lints
  • Extract cmdInit.ApplyConfig into a separate initApplyConfig function
  • Split initApplyConfig into initDataNodeApply and initDataClusterApply
  • Fix broken alternate TLS server cert in integration tests
  • lxd/containers: Don't update MAAS for snapshots
  • lxd/maas: Allow starting with MAAS offline
  • Enable tcp KeepAlive
  • lxd/cluster: Improve error on bad target
  • reader: Handle EINTR
  • allow uidmaps to be parsed from alternate roots
  • lxd/storage/zfs: Improve defaults
  • test: Fix static analysis
  • Allow identity mappings for unprivileged containers
  • container: adapt allowedUnprivilegedOnlyMap()
  • shared: Dereference directory symlinks
  • lxd,shared: Move parseNumberFromFile to shared
  • lxc/network: Add --format option to list
  • lxd/db: Don't hang after bad request
  • lxd/apparmor: Allow ro bind-mounts and remounts
  • idmap: support skipping directories
  • lxd: Properly set containerArgs in all cases
  • lxd/storage: Fix PATCH on storage pools
  • container: use lxcSetConfigItem() for lxc.log.file
  • lxc/cluster: Remove bad alias
  • lxd/storage: Fix volume creation API
  • tests: Add alternative TCP port finder
  • doc: Document hostname requirements
  • networks: Support stateful DHCPv6 with prefixes longer than /64
  • lxd/networks: Skip DHCP mangle if firewall off
  • network: do not print writer struct on error
  • lxd/patches: Force a one-time config re-gen
  • storage pools: move structs
  • storage volumes: move structs
  • images: move structs
  • client: Export OperationWait
  • lxd/cluster: Only restart local containers
  • images: consistently name command structs
  • cluster: move structs
  • api 1.0: move struct
  • api internal: move structs
  • certificates: move structs
  • events: move structs
  • operations: move structs
  • profiles: move structs
  • resources: move structs
  • container logs: move structs
  • container post: move structs
  • lxd/storage/btrfs: Fix recursive snapshots
  • lxd/cluster: Fix attaching CEPH custom volumes
  • lxd/storage: Fix double quoting
  • Reduce the frequency of raft snapshots
  • lxd/storage/ceph: Don't keep snapshots mounted
  • util linux: add abstract unix socket helpers
  • proxy: Rework to match master
  • lxd: Cleanup logging
  • lxd: Improve error messages
  • proxy: Properly handle relay errors
  • lxd/certificates: Log password failures
  • proxy: handle full socket buffer
  • gpu: special case passing all GPUs
  • gpu: don't fail during parse
  • gpu: handle cards among Nvidia devices
  • gpu: fix Nvidia minor index parsing
  • lxd/containers: Fix removing NVIDIA containers
  • doc: Add links to REST API
  • doc: Fix storage volume examples
  • lxd/operations: Forward to right cluster node
  • lxc/{copy,move}: Allow overriding device config
  • i18n: Update translations
  • tests: Perform a lazy umount in case of errors
  • lxd/networks: Improve dnsmasq leases cleanup
  • migration: fix cross version migrations
  • doc: Note that default profile cannot be deleted/renamed
  • lxc/profile: Fix "get" command
  • lxd: Prevent renaming/deletion of the default profile
  • test: Test default profile renaming/deletion
  • Fix "neighbour: ndisc_cache: neighbor table overflow"
  • lxd: Fix StoragePoolVolumesGetNames
  • lxd/apparmor: Fix typo in nesting profile
  • lxd/patches: Make config re-gen fault tolerant
  • fix links in api-extension
  • lxd/db: Fix handling of NetworkConfigClear
  • lxd/networks: Fix PATCH operations
  • lxd/networks: Improve error on missing openvswitch
  • tests: Add test for network put/patch
  • lxd/networks: Fix revert on update failure
  • Allow deleting storage pools that only contain image volumes
  • lxd/storage: Remove image on pool deletion
  • lxd/storage: Keep images when deleting pool
  • lxd/init: Allow selecting custom Fan underlay
  • lxd/init: Fix typo in Fan question
  • lxd/networks: Calculate Fan MTU based on parent
  • shared/util: Fix unit parsing (metric vs iec)
  • lxd/storage/lvm: Round size to closest 512 bytes
  • lxd/storage: Drop late size check
  • lxd/storage/lvm: Fix umount logic during btrfs copy
  • lxd/storage/ceph: Mount the fs after growing the block
  • tests: Switch to MiB for btrfs resize
  • tests: Fix race in network test
  • lxc: Switch to Ubuntu 18.04 as initial container
  • lxc: Be clever about when showing "lxd init"
  • client: Split LXD download code into own function
  • client: Attempt to fetch through devlxd
  • Make lvm.thinpool_name and lvm.vg_name node-specific
  • This should have been a patch, for easier backporting
  • i18n: Update translation templates
  • zfs: Support querying version through modinfo
  • lxd/networks: Fix port number for DHCPv6
  • Don't include container name in backups/snapshots
  • client: Fix CopyContainerSnapshot API
  • lxc/copy: Update to fixed CopyContainerSnapshot
  • lxd/import: Fix support for snapshots without container name
  • doc: Fix API output for snapshots
  • lxc: Make answer to remote add translatable
  • doc: Fix typo
  • lxc/storage: Fix bad argument parsing
  • tests: Fix new storage get/set test
  • *: Unify error messages
  • i18n: Update translation templates
  • Use mattn's sqlite3 bindings in the lxd/db sub package
  • Drop go-1.6 code
  • Replace grpc-sql with dqlite custom protocol
  • Wire dqlite server
  • Adapt main package to new cluster sub-package API
  • Drop raft snapshot workaround
  • Fetch containers info in parallel
  • Fix some missing error checks
  • Add support for "lxd sql global .sync", to sync the cluster db to disk
  • Capitalize error messages
  • Enforce the limit of open connections to local db after initialization is over
  • Re-enable empty table checks
  • Fix lints
  • lxd/cluster/gateway: Tweak errors
  • lxd/cluster/gateway: Log proxy errors
  • lxd: Improve shutdown logic for cluster nodes
  • Redirect dqlite logging to lxd logging
  • Fix unit test regression
  • Makefile: Respect CGO_CFLAGS
  • Makefile: Fix typo in .PHONY
  • Makefile: Rename protobuf to update-protobuf
  • Makefile: Drop gccgo
  • Makefile: Drop outdated comment
  • Makefile: Fix tags handling
  • Makefile: Require libsqlite3
  • Makefile: Include dqlite in dist tarball
  • Makefile: Add deps target
  • lxd: Fix --syslog flag
  • lxd/containers: Don't flush leases for snapshots
  • shared/idmap: Shift fscaps
  • lxd/cluster: Fix typo in errors
  • tar: Support xattrs
  • rsync: Support xattrs
  • test: Add test for cluster shutdown logic
  • tar: Use --xattrs-include=* during extract
  • idmap: C coding style fixups
  • idmap: s/set_caps/set_vfs_ns_caps/g
  • idmap: convert uid from big to little endian
  • client: Centrally handle targeting
  • shared/idmap: Fix xattr.h import
  • lxc/utils: Handle empty progress
  • lxc/file: Show progress
  • lxd/containers: Use internal struct values
  • networks: Ignore veth devices
  • networks: Don't try listing containers for lo
  • lxd/cluster: Only query the containers we need
  • Add ContainerArgsList and ContainerArgsNodeList
  • lxd/db: Fix snapshot filtering
  • lxd/containers: Add helpers for retrieving containers
  • lxd: Port over to new containerLoadNodeAll function
  • lxd: Port over to new containerLoadAll function
  • lxd: Only get the profiles once
  • lxd/containers: Speed up recursive list
  • shared/api: Define ContainerFull
  • lxd/storage: Don't log every storage init
  • lxc/list: Port to ContainerFull
  • lxd/storage: Cache storage version
  • Fix "no transaction is active" error during database updates
  • lxc/remote: Fix crash on bad remote name
  • lxd/storage/zfs: Optimize getting disk usage
  • lxd/networks: Drop unused db property
  • lxd: Add endpoints to state struct
  • lxc/container: CEPH also needs offline quotas
  • lxd/storage/ceph: Fix default container quotas
  • Makefile: Set PKG_CONFIG_PATH
  • i18n: Update translation templates
  • client: Implement support for recursion=2
  • doc: Update requirements
  • lxd/images: Cleanup any leftovers on startup
  • Send a notification to other nodes when an image is removed
  • Silence shellcheck
  • doc: Update README a bit
  • doc: Add some more packages to README
  • doc: Add tcl to README
  • Makefile: Tweak sqlite build flags
  • doc: Pass LD_LIBRARY_PATH through sudo
  • Support moving a container within a cluster, keeping the same name
  • lxc/image: Fix URL-based imports
  • Update rest-api.md
  • shallow clone for deps
  • Shallow clone for dist
  • *: Rename macaroon(s) -> candid
  • lxd/patches: Add patch for macaroon/candid config
  • auth: Support URL based auth
  • Update i18n
  • doc: Add example of exec with record-output
  • lxd/devices: Iterate /sys/class/drm for GPUs
  • lxd/api: Sort list of endpoints

Support and upgrade

LXD 3.0.2 is supported until June 2023 and is our current LTS release. Users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXD 3.4 has been released

14th of August 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.4!

The main highlight for this release is the major performance improvement that made it in. We upgraded to a newer version of our database backend, introduced new internal APIs for batch queries, made it possible to query all container states in one API call and fixed a number of bottlenecks that were quite negatively affecting cluster performance.

Initial tests show that a cluster running several thousand containers will now usually return basic container status (lxc list --fast) in just a couple of seconds with most other operations also significantly faster than in the past. Things aren't quite as fast as we'd like them to be yet, especially when querying the full container state of hundreds/thousands of containers (lxc list) but we're working on a few options to improve that too.

As for new features, we added progress reporting to a few missing commands in our command line client, added support for aliasing to external commands and added support for cross-host DNS when using a Fan bridge on a LXD cluster.

Enjoy!

Important notes

Fixed container snapshot and backup naming

In the past, the name property of all snapshots and backups included the container name followed by a slash and then by the snapshot or backup name.

This was redundant given that you could only get this information by querying a particular container.

The API now only returns the snapshot or backup name but LXD still understands the old syntax to allow for migrations and restoring of existing backups.

Switched to a newer implementation of dqlite

dqlite, the distributed sqlite3 implementation that we started using for LXD in LXD 3.0, has been significantly reworked to remove a number of performance bottlenecks.

Most of the database logic is now done inside a C library (libdqlite) with a matching Go package (go-dqlite) providing the SQL interface for LXD.

The on-disk format remains unchanged, so there's no risky upgrade step for this but packagers need to be aware of the new library and package it with LXD.

Renamed lxc remote set-default to lxc remote switch

We renamed lxc remote set-default to the much friendlier and shorter lxc remote switch. This is in preparation for work on LXD projects, which will have a similar switch subcommand.

lxc remote set-default remains valid as an alias of lxc remote switch.

Renamed the macaroon authentication options to candid

Now that a standard implementation of macaroon-based authentication is publicly available in the Candid project, we have updated LXD to support it and renamed our configuration options to match.

This primarily affects the old core.macaroon.endpoint which has now been renamed to candid.api.url. Upgrading to LXD 3.4 will automatically convert one into the other.

New features

Fan-aware DNS resolving for clusters

One problem several users ran into when running a LXD cluster using the Ubuntu Fan as an overlay network was that even though all traffic was properly routed between the various nodes, attempting to resolve the name of a container would only work if it happened to be running on the same cluster node.

LXD 3.4 changes that by now attempting to resolve DNS queries for the network's defined domain (lxd by default) against all of the nodes until one returns a value, making it feel like it's all handled by a single unified DNS server.

Faster API for container status

A new /1.0/containers?recursion=2 API has been added which allows for retrieving all containers, their configuration, their state, their snapshot list and their backup list in a single call.

This effectively lets you move from making 1 main API call followed by 3 additional calls per container to just doing a single call.

Progress information in lxc file and lxc import

Transferring files or uploading a backup to LXD will now get you progress information. When available, you'll get the percentage transferred and current speed; when the size is unknown, you'll still get how much was transferred and the transfer speed.

Aliases to external commands

It's now possible to set up aliases in the command line client which point to external commands. All you have to do is have the alias begin with the absolute path to the command to execute.

lxc alias add my-script "/usr/local/bin/myscript @ARGS@ --extra-args"

File capabilities support

All calls to tar and rsync now pass the required options to save and restore extended attributes, including file capabilities.

On top of that, we've implemented logic in our idmap package to shift and unshift files that include file capabilities, using the recently introduced unprivileged file capabilities.

On suitable kernels (upstream 4.14+) this will now allow LXD images to include file capabilities for utilities such as ping or mtr and have users of privileged or unprivileged containers alike be able to set and use those capabilities.
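File capabilities live in the security.capability extended attribute, and the unprivileged variant mentioned above (and in the LXD 3.0.2 notes) appends a rootid naming the user namespace root they are valid for. The Go program below is an added example, not LXD's idmap code: it decodes the kernel's on-disk layout and remaps that rootid, assuming a container whose uid 0 maps to host uid 100000 with a range of 65536.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Values from the kernel's include/uapi/linux/capability.h.
const (
	vfsCapRevisionMask   = 0xFF000000
	vfsCapRevision2      = 0x02000000 // 20-byte value, rootid implicitly 0
	vfsCapRevision3      = 0x03000000 // 24-byte value, ends with a rootid
	vfsCapFlagsEffective = 0x000001
	capNetRaw            = 13 // CAP_NET_RAW, the capability ping needs
)

// FileCaps is a decoded security.capability xattr value.
type FileCaps struct {
	Effective              bool
	Permitted, Inheritable uint64
	RootID                 uint32 // uid of root in the namespace the capability is valid for
}

// parseCaps decodes a revision 2 or 3 value; every field is little endian.
func parseCaps(b []byte) (FileCaps, error) {
	var c FileCaps
	if len(b) != 20 && len(b) != 24 {
		return c, fmt.Errorf("unexpected xattr length %d", len(b))
	}
	le := binary.LittleEndian
	magic := le.Uint32(b)
	switch rev := magic & vfsCapRevisionMask; {
	case rev == vfsCapRevision2 && len(b) == 20:
	case rev == vfsCapRevision3 && len(b) == 24:
		c.RootID = le.Uint32(b[20:])
	default:
		return c, fmt.Errorf("revision %#x does not match length %d", rev, len(b))
	}
	c.Effective = magic&vfsCapFlagsEffective != 0
	// data[0] carries capability bits 0-31, data[1] bits 32-63.
	c.Permitted = uint64(le.Uint32(b[4:])) | uint64(le.Uint32(b[12:]))<<32
	c.Inheritable = uint64(le.Uint32(b[8:])) | uint64(le.Uint32(b[16:]))<<32
	return c, nil
}

// encode writes revision 2 when RootID is 0 (the form an unshifted image
// carries) and revision 3 otherwise. That choice is this example's own.
func (c FileCaps) encode() []byte {
	size, magic := 20, uint32(vfsCapRevision2)
	if c.RootID != 0 {
		size, magic = 24, uint32(vfsCapRevision3)
	}
	if c.Effective {
		magic |= vfsCapFlagsEffective
	}
	b := make([]byte, size)
	le := binary.LittleEndian
	le.PutUint32(b[0:], magic)
	le.PutUint32(b[4:], uint32(c.Permitted))
	le.PutUint32(b[8:], uint32(c.Inheritable))
	le.PutUint32(b[12:], uint32(c.Permitted>>32))
	le.PutUint32(b[16:], uint32(c.Inheritable>>32))
	if size == 24 {
		le.PutUint32(b[20:], c.RootID)
	}
	return b
}

// remapRootID moves the rootid from the id range starting at from to the one
// starting at to: (0, hostBase) shifts an image into a container and
// (hostBase, 0) unshifts it. A rootid outside the source range is refused, so
// a capability owned by another namespace is never silently re-homed.
func remapRootID(xattr []byte, from, to, size uint32) ([]byte, error) {
	c, err := parseCaps(xattr)
	if err != nil {
		return nil, err
	}
	if c.RootID < from || c.RootID-from >= size {
		return nil, fmt.Errorf("rootid %d is outside %d..%d", c.RootID, from, from+size-1)
	}
	c.RootID = c.RootID - from + to
	return c.encode(), nil
}

func main() {
	// Constructed sample: ping's capability as an unshifted image would store it.
	image := FileCaps{Effective: true, Permitted: 1 << capNetRaw}.encode()
	// Assumed idmap: container uid 0 is host uid 100000, range 65536.
	shifted, err := remapRootID(image, 0, 100000, 65536)
	if err != nil {
		fmt.Println("shift failed:", err)
		return
	}
	fmt.Printf("image   (v2): %x\nshifted (v3): %x\n", image, shifted)
}
```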

Bugs fixed

  • client: Centrally handle targeting
  • client: Fix CopyContainerSnapshot API
  • doc: Fix API output for snapshots
  • doc: Fix typo in storage documentation
  • doc: Update README to cover make deps and new requirements
  • doc: Update requirements
  • global: Support xattrs in rsync calls
  • global: Support xattrs in tar calls
  • global: Unify error messages
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Allow aliases to external commands
  • lxc: Make answer to remote add translatable
  • lxc/container: CEPH also needs offline quotas
  • lxc/copy: Update to fixed CopyContainerSnapshot
  • lxc/file: Show progress
  • lxc/image: Fix URL-based imports
  • lxc/import: Show progress
  • lxc/list: Port to ContainerFull
  • lxc/list: Support for recursion=2
  • lxc/remote: Fix crash on bad remote name
  • lxc/remote: Rename set-default to switch
  • lxc/storage: Fix bad argument parsing
  • lxc/utils: Handle empty progress
  • lxc-to-lxd: Fix lxc.rootfs parsing
  • lxc-to-lxd: Fix rootfs tests
  • lxd: Add dns forwarder
  • lxd: Don't include container name in backups/snapshots
  • lxd: Fix --syslog flag
  • lxd: Port over to new containerLoadAll function
  • lxd: Port over to new containerLoadNodeAll function
  • lxd/backups: No need for interfaces
  • lxd/cluster: Allow for MemberConfig to be empty in new join API
  • lxd/cluster: Fix typo in errors
  • lxd/cluster: Fix unit test regression
  • lxd/cluster: Only query the containers we need
  • lxd/cluster: Properly skip pending networks/pools
  • lxd/cluster/gateway: Log proxy errors
  • lxd/cluster/gateway: Tweak errors
  • lxd/containers: Add helpers for retrieving containers
  • lxd/containers: Don't flush leases for snapshots
  • lxd/containers: Fetch containers info in parallel
  • lxd/containers: Implement support for recursion=2
  • lxd/containers: Improve shutdown logic for cluster nodes
  • lxd/containers: Only get the profiles once
  • lxd/containers: Speed up recursive list
  • lxd/containers: Use internal struct values
  • lxd/db: Adapt main package to new cluster sub-package API
  • lxd/db: Add ContainerArgsList and ContainerArgsNodeList
  • lxd/db: Add support for "lxd sql global .sync"
  • lxd/db: Capitalize error messages
  • lxd/db: Drop go-1.6 backward compatibility
  • lxd/db: Drop raft snapshot workaround
  • lxd/db: Fix lints
  • lxd/db: Fix snapshot filtering
  • lxd/db: Fix some missing error checks
  • lxd/db: Limit open connections to local db after initialization
  • lxd/db: Redirect dqlite logging to lxd logging
  • lxd/db: Re-enable empty table checks
  • lxd/db: Replace grpc-sql with dqlite custom protocol
  • lxd/db: Use mattn's sqlite3 bindings instead of our fork
  • lxd/db: Wire dqlite server
  • lxd/forkproxy: use correct types for {g,u}ids
  • lxd/images: Cleanup any leftovers on startup
  • lxd/images: Send a notification to other nodes when an image is removed
  • lxd/import: Fix support for snapshots without container name
  • lxd/init: Make use of the new cluster join API
  • lxd/networks: Add support for FAN clustered DNS
  • lxd/networks: Don't try listing containers for lo
  • lxd/networks: Drop unused db property
  • lxd/networks: Fix packet stats logic for containers
  • lxd/networks: Ignore veth devices
  • lxd/networks/state: Skip non-existing interfaces
  • lxd/patches: Fix "no transaction is active" error during database updates
  • lxd/state: Add endpoints to state struct
  • lxd/storage: Cache storage version
  • lxd/storage: Don't log every storage init
  • lxd/storage/ceph: Fix default container quotas
  • lxd/storage/zfs: Optimize getting disk usage
  • Makefile: Add deps target
  • Makefile: Drop gccgo
  • Makefile: Drop outdated comment
  • Makefile: Fix tags handling
  • Makefile: Fix typo in .PHONY
  • Makefile: Include dqlite in dist tarball
  • Makefile: Rename protobuf to update-protobuf
  • Makefile: Require libsqlite3
  • Makefile: Respect CGO_CFLAGS
  • Makefile: Set PKG_CONFIG_PATH
  • Makefile: Tweak sqlite build flags
  • Makefile: Use shallow clone for dist
  • Makefile: Use shallow clone for deps
  • shared/api: Define ContainerFull
  • shared/idmap: C coding style fixups
  • shared/idmap: Convert uid from big to little endian
  • shared/idmap: Fix xattr.h import
  • shared/idmap: Shift fscaps
  • shared/idmap: s/set_caps/set_vfs_ns_caps/g
  • tests: Add test for cluster shutdown logic
  • tests: Fix lxc-to-lxd unit tests
  • tests: Fix new storage get/set test

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.3 has been released

27th of July 2018

Introduction

The LXD team is very excited to announce the release of LXD 3.3!

This is a rather feature-packed release, containing significant improvements to the proxy device, a complete rewrite of lxc-to-lxd, container deletion protection, improved debugging/profiling abilities, some improvements to network management and a number of new CLI options, as well as the usual set of bugfixes.

New features

Rewrote and improved lxc-to-lxd

Our LXC to LXD migration tool has been rewritten in Go to match the rest of our codebase. It now uses the LXD migration API to transfer the containers (similar to lxd-p2c) and has support for both LXC 2.x and 3.x.

Network state API

A new API at /1.0/networks/<NAME>/state was added to return information about an existing network interface. Example output:

{
    "addresses": [
        {
            "address": "10.166.11.1",
            "family": "inet",
            "netmask": "24",
            "scope": "global"
        },
        {
            "address": "2001:470:b368:4242::1",
            "family": "inet6",
            "netmask": "64",
            "scope": "global"
        },
        {
            "address": "fe80::4865:17ff:fed5:e347",
            "family": "inet6",
            "netmask": "64",
            "scope": "link"
        }
    ],
    "counters": {
        "bytes_received": 45866443,
        "bytes_sent": 3087152218,
        "packets_received": 600757,
        "packets_sent": 772253
    },
    "hwaddr": "fe:65:0e:c3:df:3d",
    "mtu": 1500,
    "state": "up",
    "type": "broadcast"
}

A new sub-command was added to the command line client to query this:

stgraber@castiana:~$ lxc network info lxdbr0
Name: lxdbr0
MAC address: fe:65:0e:c3:df:3d
MTU: 1500
State: up

Ips:
  inet  10.166.11.1
  inet6 2001:470:b368:4242::1
  inet6 fe80::4865:17ff:fed5:e347

Network usage:
  Bytes received: 45.87MB
  Bytes sent: 3.09GB
  Packets received: 600756
  Packets sent: 772248

Deletion protection for containers

A new security.protection.delete configuration key can now be set to true on containers that you want to protect from accidental deletion.

It can be used like this:

stgraber@castiana:~$ lxc config set c1 security.protection.delete true
stgraber@castiana:~$ lxc delete c1
Error: Container is protected
stgraber@castiana:~$ lxc config unset c1 security.protection.delete
stgraber@castiana:~$ lxc delete c1

New configuration options for the proxy device type

The proxy device got some significant improvements in this release.

It's now possible to control ownership and permissions on listening unix sockets with the following new properties:

  • uid
  • gid
  • mode

As well as control privilege dropping of the proxy process itself with:

  • security.uid
  • security.gid

The proxy can also now set a Haproxy compatible PROXY header (V1) for TCP connections by setting the proxy_protocol key to true.

And lastly, it's possible to skip the proxy process entirely in some cases and use NAT instead by setting the nat property to true. Note that for it to work, the connection must be either UDP or TCP on both ends and a static IP address must be set for the container through the ipv4.address or ipv6.address properties on its nic device.
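With proxy_protocol set to true, whatever listens behind the proxy device receives a PROXY v1 line ahead of the client's own bytes and has to parse it strictly. The Go program below is an added example, not LXD code: it follows the published HAProxy PROXY protocol v1 text format, and its function names and sample connection are constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net"
	"strconv"
	"strings"
)

// maxV1Header is the longest PROXY v1 line the specification allows, CRLF included.
const maxV1Header = 107

// ProxyInfo is the connection description carried by a PROXY v1 header.
type ProxyInfo struct {
	Family           string // "TCP4", "TCP6" or "UNKNOWN"
	SrcIP, DstIP     net.IP
	SrcPort, DstPort uint16
}

// readProxyV1 consumes exactly one header line from r, byte by byte, so the
// client's payload stays unread and an endless line cannot exhaust memory.
func readProxyV1(r *bufio.Reader) (*ProxyInfo, error) {
	line := make([]byte, 0, maxV1Header)
	for {
		b, err := r.ReadByte()
		if err != nil {
			return nil, fmt.Errorf("reading PROXY header: %w", err)
		}
		line = append(line, b)
		if b == '\n' {
			break
		}
		if len(line) == maxV1Header {
			return nil, errors.New("PROXY header longer than 107 bytes")
		}
	}
	if !strings.HasSuffix(string(line), "\r\n") {
		return nil, errors.New("PROXY header not terminated by CRLF")
	}
	f := strings.Split(strings.TrimSuffix(string(line), "\r\n"), " ")
	if f[0] != "PROXY" || len(f) < 2 {
		return nil, errors.New("connection does not start with a PROXY v1 header")
	}
	if f[1] == "UNKNOWN" {
		// The sender could not describe the connection; addresses are ignored.
		return &ProxyInfo{Family: "UNKNOWN"}, nil
	}
	if (f[1] != "TCP4" && f[1] != "TCP6") || len(f) != 6 {
		return nil, fmt.Errorf("malformed PROXY header %q", f)
	}
	src, dst := net.ParseIP(f[2]), net.ParseIP(f[3])
	if !familyOK(f[1], f[2], src) || !familyOK(f[1], f[3], dst) {
		return nil, fmt.Errorf("addresses do not match family %s", f[1])
	}
	// bitSize 16 rejects signs, non-digits and anything above 65535.
	sp, errSrc := strconv.ParseUint(f[4], 10, 16)
	dp, errDst := strconv.ParseUint(f[5], 10, 16)
	if errSrc != nil || errDst != nil {
		return nil, fmt.Errorf("bad port in PROXY header %q", f)
	}
	return &ProxyInfo{Family: f[1], SrcIP: src, DstIP: dst, SrcPort: uint16(sp), DstPort: uint16(dp)}, nil
}

// familyOK requires a parsable address whose notation matches the declared family.
func familyOK(family, text string, ip net.IP) bool {
	return ip != nil && (family == "TCP6") == strings.Contains(text, ":")
}

// parseStream runs readProxyV1 over raw bytes and returns what is left for the application.
func parseStream(raw string) (*ProxyInfo, string, error) {
	r := bufio.NewReader(strings.NewReader(raw))
	info, err := readProxyV1(r)
	if err != nil {
		return nil, "", err
	}
	rest, _ := io.ReadAll(r)
	return info, string(rest), nil
}

func main() {
	// Constructed sample: what a backend sees on a proxied connection.
	sample := "PROXY TCP4 192.0.2.10 10.166.11.5 51234 80\r\nGET / HTTP/1.1\r\n\r\n"
	info, rest, err := parseStream(sample)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Printf("client %s:%d -> %s:%d, payload %q\n", info.SrcIP, info.SrcPort, info.DstIP, info.DstPort, rest)
}
```

Accept the header only on listeners that are reachable solely through the proxy device, because the header is plain text that any client connecting directly could supply itself.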

Downloading images through the host

LXD 3.2 introduced a new devlxd API that allowed downloading of public or cached images from the LXD daemon from within the container so long as security.devlxd was enabled (default) and security.devlxd.images was set to true.

LXD 3.3 now itself supports using that new API and will attempt to fetch image artifacts from the host before hitting the network. This can result in significant bandwidth savings for users of nested LXD.

Built-in debugging and profiling server

LXD now has a built-in pprof server which can be enabled by setting the core.debug_address property using the same syntax as core.https_address.

You can then access http://<address>/debug/pprof to get some basic information out of the LXD daemon. The same URL can be used with the pprof tool to extract much more detailed information.

--format option to lxc network list

This new option matches that on a number of other sub-commands and lets you choose between table, csv, json and yaml output.

Overriding device configuration during copy and move

It is now possible to override specific device configuration keys during remote copy or move operations by passing -d <device>,<key>=<value> to lxc copy or lxc move.

--dump option to lxd init

LXD supports configuration pre-seeding through lxd init --preseed. Up until now, the only way to get a preseed was at the end of an interactive lxd init run or by manually writing one.

The new lxd init --dump will now generate a preseed file based on the running LXD configuration. This can make configuring a new, near-identical LXD server much easier.

bridge.hwaddr property for LXD networks

Setting the new bridge.hwaddr property on a network will let you control the MAC address of the LXD bridge. This can be useful for systems that are monitored/graphed and where the ever changing MAC address was causing some issues.

ipv4.nat.order and ipv6.nat.order properties for LXD networks

Those two new options control the order in which the NAT rules are added to the firewall. They default to before, meaning that the generated rules will apply before any pre-existing user rules. Setting to after instead may be useful when manually added firewall rules should be run prior to LXD's own rules.

Bugs fixed

  • client: Export OperationWait
  • client: Split LXD download code into own function
  • doc: Document hostname requirements
  • doc: Fix links in api-extension
  • doc: Fix missing escaping in api-extensions
  • doc: Fix "neighbour: ndisc_cache: neighbor table overflow"
  • doc: Fix storage volume examples
  • doc: Note that default profile cannot be deleted/renamed
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Be clever about when to show "lxd init"
  • lxc: Switch to Ubuntu 18.04 as initial container
  • lxc/cluster: Remove bad alias
  • lxc/profile: Fix "get" command
  • lxd: Fix StoragePoolVolumesGetNames
  • lxd: Make iptables logic usable for containers
  • lxd: Move command structs around
  • lxd: Prevent renaming/deletion of the default profile
  • lxd: Properly set containerArgs in all cases
  • lxd/apparmor: Allow ro bind-mounts and remounts
  • lxd/apparmor: Fix typo in nesting profile
  • lxd/certificates: Log password failures
  • lxd/cluster: Fix attaching CEPH custom volumes
  • lxd/cluster: Only restart local containers
  • lxd/cluster: Reduce the frequency of raft snapshots
  • lxd/containers: adapt allowedUnprivilegedOnlyMap()
  • lxd/containers: Allow identity mappings for unprivileged containers
  • lxd/containers: Don't fail while parsing NVIDIA GPU list
  • lxd/containers: Fix Nvidia minor index parsing
  • lxd/containers: Fix removing NVIDIA containers
  • lxd/containers: Handle cards among Nvidia devices
  • lxd/containers: Special case passing all GPUs
  • lxd/containers: use lxcSetConfigItem() for lxc.log.file
  • lxd/containers: Validate proxy config early
  • lxd/db: Don't hang after bad request
  • lxd/db: Fix handling of NetworkConfigClear
  • lxd/init: Allow selecting custom Fan underlay
  • lxd/init: Fix typo in Fan question
  • lxd/migration: Fix cross version migrations
  • lxd/networks: Calculate Fan MTU based on parent
  • lxd/networks: Fix PATCH operations
  • lxd/networks: Fix port number for DHCPv6
  • lxd/networks: Fix revert on update failure
  • lxd/networks: Improve dnsmasq leases cleanup
  • lxd/networks: Improve error on missing openvswitch
  • lxd/networks: Skip DHCP mangle if firewall off
  • lxd/networks: Support stateful DHCPv6 with prefixes longer than /64
  • lxd/operations: Forward to right cluster node
  • lxd/patches: Force a one-time config re-gen
  • lxd/patches: Make config re-gen fault tolerant
  • lxd/patches: Make lvm.thinpool_name and lvm.vg_name node-specific
  • lxd/proxy: Convert mode from string to octal
  • lxd/proxy: Handle full socket buffer
  • lxd/storage: Allow deleting storage pools that only contain image volumes
  • lxd/storage/btrfs: Fix recursive snapshots
  • lxd/storage/ceph: Don't keep snapshots mounted
  • lxd/storage/ceph: Mount the fs after growing the block
  • lxd/storage: Drop late size check
  • lxd/storage: Fix double quoting
  • lxd/storage: Fix PATCH on storage pools
  • lxd/storage: Fix volume creation API
  • lxd/storage: Keep images when deleting pool
  • lxd/storage/lvm: Fix umount logic during btrfs copy
  • lxd/storage/lvm: Round size to closest 512 bytes
  • lxd/storage: Remove image on pool deletion
  • lxd/storage/zfs: Support querying version through modinfo
  • shared: Dereference directory symlinks
  • shared: Do not print writer struct on network error
  • shared: Move parseNumberFromFile to shared
  • shared/idmap: support skipping directories
  • shared/util: Fix unit parsing (metric vs iec)
  • tests: Add alternative TCP port finder
  • tests: Add test for network put/patch
  • tests: Fix race in network test
  • tests: Fix static analysis
  • tests: Perform a lazy umount in case of errors
  • tests: Switch to MiB for btrfs resize
  • tests: Test default profile renaming/deletion

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.2 has been released

23rd of June 2018

Introduction

This month's LXD release comes with a lot of bugfixes and performance improvements, especially for those using LXD clustering.

Feature-wise, this release has a lot of improvements for those using the proxy device type first introduced in LXD 3.0, foundation work for image download improvements in nested environments and closes a big gap in our storage story by allowing containers to be copied and moved between pools.

The changes in this release include

Features:

  • Added a new API to /dev/lxd allowing for direct download of public and cached images from the host (requires security.devlxd.images)
  • Added support for copying and moving containers between storage pools
  • Big improvements to the proxy device:
    • Unix socket support (including OOB packets)
    • UDP support
    • Port ranges for UDP and TCP
  • New simplified cluster join API

Bugfixes:

  • client: Enable TCP KeepAlive
  • doc: Add links to REST API
  • doc: Fix typo in api-extensions.md
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Properly handle --target in copy and move
  • lxc/{import,export}: Deal with snap paths
  • lxc/move: Support config and profile overrides
  • lxd: Cleanup logging
  • lxd: Drop manual GC calls
  • lxd: Fix some format strings
  • lxd: Improve error messages
  • lxd/cluster: Broadcast profile changes to other cluster nodes
  • lxd/cluster: Fix bad database query when updating storage pools
  • lxd/cluster: Improve error on bad target
  • lxd/cluster: Improve errors and docs for member-specific config keys
  • lxd/cluster: Redirect container/snapshot publish to the relevant member
  • lxd/cluster: Serialize reads to the cluster database
  • lxd/containers: Assume device node for older NVIDIA GPUs
  • lxd/containers: Don't update MAAS for snapshots
  • lxd/containers: Fix fd leak in metadata
  • lxd/containers: Manually release the liblxc structs
  • lxd/forkmount: Ignore ENOENT and EINVAL on umount2()
  • lxd/maas: Allow starting with MAAS offline
  • lxd/maas: Make errors more readable
  • lxd/migrate: Remove debug residuals
  • lxd/migration: Don't pass -vP to a hidden rsync
  • lxd/nsexec: Prevent fd leak
  • lxd/nsexec: Simplify attach_userns()
  • lxd/storage/lvm: Fix mixup between pool name and VG name
  • lxd/storage/lvm: Rename default thinpool to LXDThinPool
  • lxd/storage/zfs: Improve defaults
  • lxc-to-lxd: Respect LXD_SOCKET environment variable
  • lxd-p2c: Add rsync version check
  • lxd-p2c: Allow overriding rsync args
  • lxd-p2c: Better report rsync errors
  • lxd-p2c: Delete containers on failure
  • lxd-p2c: Handle target URL smarter
  • lxd-p2c: Ignore missing arg errors
  • lxd-p2c: Send rsync output to stderr
  • shared: Add abstract unix socket helpers
  • shared/eagain: Handle EINTR
  • shared/idmap: Allow uidmaps to be parsed from alternate roots
  • tests: Fix broken alternate TLS server cert in integration tests
  • tests: Reduce ceph pg_num down to 1

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.0.1 has been released

5th of June 2018

Introduction

The LXD team is pleased to announce the release of LXD 3.0.1!

As a stable bugfix release, no major changes have been done, instead focusing on bugfixes and minor usability improvements.

Minor improvements

  • Added version subcommands to lxc and lxd
  • Reworked lxd init for clustering a bit to offer better network configuration options
  • Added a new lxc cluster enable command
  • Reworked the lxd sql subcommand to support both local and global databases
  • lxd init --auto now also configures a default bridge

Bugfixes

  • lxc: Fix mistakenly hidden commands
  • i18n: Update translation templates
  • lxd/migration: Pre-validate profiles
  • client: Improve remote operation errors
  • Fix some typos and wording.
  • Wording fix.
  • lxc/image: Fix crash due to bad arg parsing
  • lxd: add missing limits.h include
  • lxd/init: Fix --auto with network config
  • lxc: Consistent naming of clustering terms
  • i18n: Update translation templates
  • lxc/file: Fix pushing files to remote
  • lxd/init: Don't setup a remote storage pool by default
  • Fix lxd init failing to join a cluster in interactive mode with an existing zfs dataset
  • lxc/query: Fix -d and -X
  • lxc/help: Make help respect --all too
  • Fix typo in help of "lxc network"
  • Properly filter node-level storage configs by pool ID
  • i18n: Update translation templates
  • lxd/init: Consistency
  • Make new gofmt happy
  • lxc/file: Allow using -r to follow symlinks
  • Replace juju/idmclient with CanonicalLtd/candidclient
  • lxc/config: Fix adding trust cert on snap
  • lxc/alias: Fix example in help message
  • i18n: Update translation templates
  • client: Introduce LXD_SOCKET
  • Makefile: Add a manifest
  • containers: fix snapshot deletion
  • lxc/init: Add missing --no-profiles
  • i18n: Update translations
  • lxc/file: Fix pull target logic
  • doc: Fix example in userns-idmap
  • devices: fail if Nvidia device minor is missing
  • Add db.ContainersNodeList
  • storage: createContainerMountpoint() fix perms
  • ceph: s/0755/0711/g
  • lvm: s/0755/0711/g
  • storage utils: s/0755/0711/g
  • zfs: s/0755/0711/g
  • patches: add "storage_api_path_permissions"
  • sys/fs: s/MkdirAll/Mkdir/g
  • btrfs: fix permissions
  • Pass a logger to raft-http
  • Add new cluster.Promote function to turn a non-database node into a database one
  • Add new cluster.Rebalance function to check if we need to add database nodes
  • Notify the cluster leader after a node removal, so it can rebalance
  • Add integration test
  • doc: Tweak backup.md
  • lxd/init: Require root for interactive cluster join
  • Disable flaky unit tests for now
  • Log the error that made Daemon.Init() fail
  • client: Expose http URL in ConnectionInfo
  • lxc/query: Add support for non-JSON endpoints
  • Handle empty query strings
  • Support reading queries from standard in
  • Support passing multiple queries
  • Rename database files
  • Support querying both local and global database
  • Update integration tests
  • Normalize name of images_aliases table
  • Add query.Dump helper to dump schema and data
  • Add support for dump command in lxd sql
  • lxd/containers: Fix lxc.net check
  • doc/backup.md: update snap path
  • Add lxc cluster enable command
  • Fix command description formatting
  • Update .pot files
  • Use an isolated LXD instance in integration tests
  • Start a container in the integration test
  • Address style comments
  • add LXD_UNPRIVILEGED_ONLY to disallow privileged containers.
  • lxd: tweak LXD_UNPRIVILEGED_ONLY
  • doc: add LXD_UNPRIVILEGED_ONLY
  • tests: add tests for LXD_UNPRIVILEGED_ONLY
  • Reword errors when LXD_UNPRIVILEGED_ONLY is set
  • lxd/containers: Allow sending progress
  • lxc/rename: Deal with remote renames
  • lxd/db: Don't crash on empty queries
  • lxd/sql: Drop custom table renderer
  • lxd/network: Fix fan subnet calculation logic
  • Update translations from weblate
  • lxc/main: Fix remote caching
  • lxc/storage_volumes: Various fixes
  • tests: Add extra cleanup code
  • lxd/storage: Also set zfs.pool_name on upgrade
  • migration: fix btrfs live migration
  • lxd/containers: Fix broken unix hotplug logic
  • lxc/list: Reduce number of API calls
  • Make the interaction between lxd daemon and waitready non-blocking
  • Increase logging during startup
  • Remove log alias for waitready
  • Remove log alias for db.OpenCluster
  • Make Unavailable accept an error parameter
  • Add a new Schema.File() method to load extra queries from a file
  • Add support for patch.local.sql and patch.global.sql
  • Add integration tests
  • Add shared.DirCopy to recursively copy a directory.
  • Update database.md
  • Backup global database if non-clustered
  • lxd/init: Offer to setup a Fan bridge when clustered
  • lxd init: fix maas.api.url check when setting up existing bridge
  • Take raft snapshots more frequently and at shutdown
  • Add --schema flag to lxd sql to dump only the schema.
  • Update database.md with information about lxd sql and patch.*.sql
  • Document how to dump the content or schema of databases
  • Fix shell lints
  • Disable snapshot logging, as it's too verbose now
  • Make .dump and .schema special queries, for consistency with sqlite3
  • Run make i18n
  • xattr: Support empty values
  • doc: s/status command/info command/
  • lxd/init: Explain password less behavior
  • Make waitready less verbose
  • devices: clone mode of device
  • lxd/init: Have --auto setup networking if missing
  • container_lxc: fix optional property for disk devs
  • test: Fix busybox image
  • lxc/action: Fix pause
  • lxd/callhook: Respect LXD_SOCKET environment variable
  • forkfile: only open O_RDWR if necessary
  • Consider a copy to be local only when not clustered
  • Add integration tests
  • api: Add backup structs
  • client: Implement backup functionality
  • shared: Implement RunCommandWithFds
  • btrfs: add doContainerCreate()
  • btrfs: add doContainerSnapshotCreate()
  • ceph: ensure fs consistency when snapshotting
  • ceph: ensure fs consistency when restoring
  • ceph: add doContainerCreate()
  • ceph: add doContainerMount()
  • lvm: add doContainerMount()
  • zfs: add doContainerMount()
  • zfs: add do*() helpers
  • lvm: use internal pool name
  • lxd-p2c: Handle target URL smarter
  • lxd-p2c: Ignore missing arg errors
  • lxd-p2c: Delete containers on failure
  • lxd-p2c: Better report rsync errors
  • lxd-p2c: Allow overriding rsync args
  • Serialize reads to the cluster database
  • doc: Fix typo in api-extensions
  • Redirect container/snapshot publish API requests to the relevant node
  • gpu: fallback to default device mode
  • Improve error messages and docs about node-specific config keys for pools and networks
  • Avoid wrapping long lines
  • lxd-p2c: Add rsync version check
  • lvm: s/LXDPool/LXDThinPool/g
  • Extract expandConfigFromProfiles from expandConfig to avoid db interaction
  • Broadcast profile changes to other cluster nodes
  • lvm: use LXD pool name
  • tests: Reduce ceph pg_num down to 1
  • lxc-to-lxd: Respect LXD_SOCKET environment variable
  • Manually release the liblxc structs
  • Drop manual GC calls
  • lxd/containers: Fix fd leak in metadata

Support and upgrade

LXD 3.0.1 is supported until June 2023 and is our current LTS release. Users are encouraged to update to the latest bugfix releases as they're made available.

Downloads

LXD 3.1 has been released

15th of May 2018

Introduction

LXD 3.1 is the first feature release following our last LTS release (3.0). As a feature release, it will only be supported until LXD 3.2 is released next month.

We recommend critical production environments stick to the LTS branch instead. If you're using the snap, you can enforce that with snap refresh lxd --channel=3.0.

Note that LXD does not support downgrades, so a system that's upgraded to LXD 3.1 will not be able to go back to LXD 3.0.0.

Note for Ubuntu users

LXD 3.1 will only be made available as a snap package. We will not be uploading it as a deb to Ubuntu 18.10 or through backports to previous releases. Moving forward all feature releases of LXD will only be available through the snap.

Note that this does NOT affect users of LXD 3.0.x as present in Ubuntu 18.04 where further bugfix/security releases will be uploaded as debs until Ubuntu 18.04 reaches end of life.

The changes in this release include

Features:

  • Introduced a new backup API and ability to export/import containers using it. In the CLI those are the new lxc export and lxc import commands.
  • Made it possible to override the LXD socket path with LXD_SOCKET
  • Made it possible to disable the use of privileged containers through a new LXD_UNPRIVILEGED_ONLY environment variable.
  • Improved the lxd sql command to support interacting with both databases, support making database and schema dumps, run multiple queries and read from a script.
  • Added a new lxc cluster enable command to easily convert an existing LXD server into an initial cluster node
  • Extended lxd init to offer setting up a Fan overlay for clustering users
  • Extended lxd init --auto to also auto-configure an initial network

Bugfixes:

  • client: Expose http URL in ConnectionInfo
  • client: Improve remote operation errors
  • doc: Document how to dump the content or schema of databases
  • doc: Fix example in userns-idmap (Issue #4437)
  • doc: Fix some typos and wording
  • doc: s/status command/info command/ (Issue #4527)
  • doc: Tweak backup.md
  • doc: Update database.md with information about lxd sql and patch.*.sql
  • doc: Update snap path in backup.md
  • global: Make new gofmt happy
  • global: Replace juju/idmclient with CanonicalLtd/candidclient
  • i18n: Update translations from weblate
  • lxc: Add version subcommand (Issue #4381, Issue #4382)
  • lxc: Consistent naming of clustering terms
  • lxc: Fix mistakenly hidden commands (Issue #4380)
  • lxc/action: Fix pause
  • lxc/alias: Fix example in help message (Issue #4424)
  • lxc/config: Fix adding trust cert on snap (Issue #4418)
  • lxc/copy: Consider a copy to be local only when not clustered
  • lxc/file: Allow using -r to follow symlinks (Issue #4411)
  • lxc/file: Fix pull target logic
  • lxc/file: Fix pushing files to remote (Issue #4394)
  • lxc/help: Make help respect --all too (Issue #4406)
  • lxc/image: Fix crash due to bad arg parsing
  • lxc/init: Add missing --no-profiles
  • lxc/list: Reduce number of API calls
  • lxc/main: Fix remote caching
  • lxc/network: Fix typo in help message
  • lxc/query: Add support for non-JSON endpoints (Issue #4452)
  • lxc/query: Fix -d and -X (Issue #4406)
  • lxc/remote: Add format option to list
  • lxc/rename: Deal with remote renames (Issue #4486)
  • lxc/storage_volumes: Various fixes
  • lxd: Add missing limits.h include
  • lxd: Add version subcommand
  • lxd: Increase logging during startup
  • lxd: Log the error that made Daemon.Init() fail
  • lxd: Make the interaction between lxd daemon and waitready non-blocking
  • lxd: Make Unavailable accept an error parameter
  • lxd/cluster: Add new cluster.Promote function
  • lxd/cluster: Add new cluster.Rebalance function
  • lxd/cluster: Notify the leader after a node removal, so it can rebalance
  • lxd/cluster: Pass a logger to raft-http
  • lxd/cluster: Properly filter node-level storage configs by pool ID
  • lxd/containers: Allow configuration of mount-propagation
  • lxd/containers: Allow sending progress (Issue #4447)
  • lxd/containers: Fix broken unix hotplug logic (Issue #4495)
  • lxd/containers: Fix lxc.net check (Issue #4466)
  • lxd/containers: Fix optional property for disk devs (Issue #4538)
  • lxd/containers: Fix snapshot deletion (Issue #4431)
  • lxd/database: Add a new Schema.File() method to load extra queries from disk
  • lxd/database: Add db.ContainersNodeList
  • lxd/database: Add query.Dump helper to dump schema and data
  • lxd/database: Add support for patch.local.sql and patch.global.sql
  • lxd/database: Backup global database on upgrade if non-clustered
  • lxd/database: Rename database files
  • lxd/database: Take raft snapshots more frequently and at shutdown
  • lxd/db: Don't crash on empty queries
  • lxd/devices: Clone mode of source device (Issue #4534)
  • lxd/devices: Fail if Nvidia device minor is missing (Issue #4441)
  • lxd/forkfile: Only open O_RDWR if necessary (Issue #4552)
  • lxd/init: Don't setup a remote storage pool by default
  • lxd/init: Explain passwordless behavior (Issue #4524)
  • lxd/init: Fix --auto with network config
  • lxd/init: Fix interactive cluster join with an existing ZFS (Issue #4404)
  • lxd/init: Fix maas.api.url check when setting up existing bridge
  • lxd/init: Make questions more consistent
  • lxd/init: Require root for interactive cluster join (Issue #4451)
  • lxd/migration: Fix btrfs live migration (Issue #4475)
  • lxd/migration: Pre-validate profiles (Issue #4379)
  • lxd/network: Fix fan subnet calculation logic
  • lxd/patches: Add "storage_api_path_permissions" patch
  • lxd/sql: Drop custom table renderer
  • lxd/sql: Handle empty query strings
  • lxd/storage: Also set zfs.pool_name on upgrade (Issue #4489)
  • lxd/storage/btrfs: Add doContainerCreate()
  • lxd/storage/btrfs: Add doContainerSnapshotCreate()
  • lxd/storage/ceph: Add doContainerCreate()
  • lxd/storage/ceph: Add doContainerMount()
  • lxd/storage/ceph: Ensure fs consistency when restoring
  • lxd/storage/ceph: Ensure fs consistency when snapshotting
  • lxd/storage: createContainerMountpoint() fix perms
  • lxd/storage: Handle ContainerDelete() correctly
  • lxd/storage: Handle ContainerRename() correctly
  • lxd/storage/lvm: Add doContainerMount()
  • lxd/storage/zfs: Add doContainerMount()
  • lxd/storage/zfs: Add do*() helpers
  • lxd/sys/fs: s/MkdirAll/Mkdir/g (Issue #4433)
  • Makefile: Add a manifest (Issue #4421)
  • shared: Support empty values in xattr
  • tests: Add extra cleanup code
  • tests: Fix busybox image

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 3.0.0 has been released

2nd of April 2018

Introduction

The LXD team is pleased to announce the release of LXD 3.0.0! This is the second LTS release for the LXD project and will be supported until June 2023.

New features (since 2.21)

LXD 3.0 is going to be our main LTS release for the next two years, receiving frequent bugfix updates backported from the current feature release.

We spent over 3 months since the LXD 2.21 release landing all the features we wanted to see in LXD 3.0 and cleaning up a lot of existing code to make it maintainable for the duration of the LTS. Below are the main highlights.

Clustering

The biggest new feature for LXD 3.0 is the introduction of clustering support. This allows for identically configured LXD servers to be joined together as part of a cluster, appearing to the outside world as one big LXD server.

The LXD database is replicated using dqlite (a combination of sqlite3 and raft), making it so that 3 of the cluster members have a copy of the entire database at any given time.

No special system configuration or services are required to set up LXD clustering. All you need is a few available machines or VMs with similar network and storage properties, then lxd init will walk you through the process of creating the cluster and then joining some servers into it.

Here's a short recording of setting up a LXD cluster on 3 nodes using MAAS to allocate machines and networks: https://www.youtube.com/watch?v=RnBu7t2wD4U

The main contributor for this feature, Free Ekanayaka, also gave a longer presentation on LXD clustering at FOSDEM 2018 which you can check out here: https://www.youtube.com/watch?v=DVqMeo3lvv0

You can also check the documentation here: https://lxd.readthedocs.io/en/stable-3.0/clustering/

Physical to container migration with lxd-p2c

A new tool called lxd-p2c makes it possible to import a system's filesystem into a LXD container using the LXD API.

After building a copy of the tool, the resulting binary can be transferred to any system that you want to turn into a container. Point it to a remote LXD server and the entire system's filesystem will be transferred over the LXD migration API and a new container will be created.

The main contributor for this feature, Stéphane Graber, also gave a presentation about it at FOSDEM 2018, the video is available here: https://www.youtube.com/watch?v=JKztAWZOj9g

Support for NVIDIA runtime passthrough

A common issue for those using NVIDIA GPUs inside containers is the requirement to keep the userspace libraries in sync with the kernel driver.

This is made particularly difficult if the container's owner isn't also the host's owner as the two are then likely to become out of sync at any time and without warning.

A newly introduced nvidia.runtime container configuration key, combined with a copy of the nvidia-container-cli tool and liblxc 3.0 now makes it possible to automatically detect all the right bits on the host system and pass them into the container at boot time.

This lets you save a lot of space and greatly simplifies maintenance.

Hotplug support for unix-char and unix-block devices

A new required property has been added to all unix type devices. When set to false, LXD will wait until the requested path is available on the host before automatically passing it into the container.

This allows for something like this:

lxc config device add c1 ttyUSB0 unix-char path=/dev/ttyUSB0 required=false

The c1 container will now get access to that USB serial device as soon as it's plugged into the system and it will automatically be removed from the container when unplugged.

Local copy/move of storage volumes

It's now possible to copy and move custom storage volumes between storage pools.

stgraber@castiana:~$ lxc storage volume copy ssd/example default/example
Storage volume copied successfully!

stgraber@castiana:~$ lxc storage volume move ssd/example default/example
Storage volume moved successfully!

Remote transfer of custom storage volumes

A new storage migration API was introduced allowing for the exact same operations as shown above to work between LXD servers as well, using the same syntax as would be used for container migration.

proxy device type to forward network connections

The new proxy device type allows for forwarding TCP connections between host and containers.

For example, to forward any connection to port 80 on the host to container c1 on its localhost IP on port 80:

lxc config device add c1 http proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80

Events through /dev/lxd

The REST API endpoint exposed inside the container can now be used to receive events whenever a configuration key or device is added, removed or modified.

root@c1:~# curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" --header "Sec-WebSocket-Version: 13" --header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" --unix-socket /dev/lxd/sock lxd/1.0/events
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: qGEgH3En71di5rrssAZTmtRTyFk=

{"metadata":{"key":"user.foo","old_value":"","value":"bar"},"timestamp":"2018-04-02T23:58:54.433992023-04:00","type":"config"}
{"metadata":{"action":"added","config":{"path":"/home","source":"/home","type":"disk"},"name":"home"},"timestamp":"2018-04-02T23:59:25.65007597-04:00","type":"device"}
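An agent inside the container can turn these events into an audit trail and flag devices that give the container new access to the host. The following is an added example, not LXD code. It assumes the websocket frames have already been decoded to text, that an empty value means the key was unset, that a removal is reported with the action "removed", and that the listed device types are the ones worth flagging. The two frames are the ones shown in the session above.

```python
import json

# Device types that give the container a new path to host resources.
# This selection is a choice made for the example.
SENSITIVE_DEVICE_TYPES = frozenset({"disk", "unix-char", "unix-block"})


def summarize_event(frame):
    """Turn one text frame from lxd/1.0/events into a flat audit record."""
    event = json.loads(frame)
    if not isinstance(event, dict) or not isinstance(event.get("metadata"), dict):
        raise ValueError("event has no metadata object")
    meta = event["metadata"]
    record = {"time": event.get("timestamp"), "type": event.get("type"), "alert": False}

    if record["type"] == "config":
        old, new = meta.get("old_value", ""), meta.get("value", "")
        record["key"] = meta.get("key")
        if new == "":
            record["change"] = "unset"      # assumption: empty value means removed
        elif old == "":
            record["change"] = "set"
        else:
            record["change"] = "changed"
    elif record["type"] == "device":
        config = meta.get("config") or {}
        record["name"] = meta.get("name")
        record["action"] = meta.get("action")
        record["device_type"] = config.get("type")
        record["source"] = config.get("source")
        # Flag sensitive devices that appear or change while the container runs.
        record["alert"] = (
            record["action"] != "removed"   # assumption: action name for removals
            and record["device_type"] in SENSITIVE_DEVICE_TYPES
        )
    else:
        # An event type this code does not know about deserves a look.
        record["alert"] = True
    return record


def alerts(frames):
    """Return the audit records that need attention, in arrival order."""
    return [rec for rec in map(summarize_event, frames) if rec["alert"]]


# The two frames from the curl session above.
SAMPLE_FRAMES = [
    '{"metadata":{"key":"user.foo","old_value":"","value":"bar"},'
    '"timestamp":"2018-04-02T23:58:54.433992023-04:00","type":"config"}',
    '{"metadata":{"action":"added","config":{"path":"/home","source":"/home",'
    '"type":"disk"},"name":"home"},'
    '"timestamp":"2018-04-02T23:59:25.65007597-04:00","type":"device"}',
]

if __name__ == "__main__":
    for rec in alerts(SAMPLE_FRAMES):
        print("ALERT %(time)s device %(name)s (%(device_type)s) %(action)s, source=%(source)s" % rec)
```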

Switched command line parser

Our previous command line parser, gnuflag, didn't match our command line structure particularly well, causing confusing help and error messages. We have now transitioned to using the cobra command line parser, joining a number of other major Go projects.

Process count column in lxc list

An optional "processes" column was added to lxc list showing the number of processes running inside the container.

stgraber@castiana:~$ lxc list -c nsN c1
+------+---------+-----------+
| NAME |  STATE  | PROCESSES |
+------+---------+-----------+
| c1   | RUNNING | 33        |
+------+---------+-----------+

lxc storage info sub-command

A new info subcommand was added as a way to get easy human readable information about a storage pool:

stgraber@castiana:~$ lxc storage info ssd
info:
  description: ""
  driver: dir
  name: ssd
  space used: 9.29GB
  total space: 173.12GB
used by: {}

Option for alternate IPv4 gateway

A new ipv4.dhcp.gateway option is now available for LXD managed bridges. This lets you set a gateway other than LXD itself and can be useful when mixing LXD bridges with physical networks.

When doing recursive file transfers including some symlinks, those will be properly created as symlinks on the target, rather than the content of the file they point to being pushed or pulled.

Pretty rendering of log entries in lxc monitor

The LXD log messages have always been available over the event interface, accessible through the lxc monitor tool. However those raw events were sometimes pretty hard to read.

The command line client now knows how to filter and re-format those log events to look exactly as if you were looking at the server's log output.

stgraber@castiana:~$ lxc monitor --pretty --loglevel=info --type=logging
INFO[04-02|22:57:39] Stopping container action=stop created="2018-02-27 18:02:02 -0500 EST" ephemeral=false name=snapcraft stateful=false used="2018-03-29 15:33:05 -0400 EDT"
INFO[04-02|22:57:40] Stopped container action=stop created="2018-02-27 18:02:02 -0500 EST" ephemeral=false name=snapcraft stateful=false used="2018-03-29 15:33:05 -0400 EDT"
INFO[04-02|22:57:40] Starting container action=start created="2018-02-27 18:02:02 -0500 EST" ephemeral=false name=snapcraft stateful=false used="2018-03-29 15:33:05 -0400 EDT"
INFO[04-02|22:57:41] Started container action=start created="2018-02-27 18:02:02 -0500 EST" ephemeral=false name=snapcraft stateful=false used="2018-03-29 15:33:05 -0400 EDT"

lxc network list-leases sub-command

DHCP leases on LXD managed bridges can now be queried directly through the API and the command line tool.

stgraber@castiana:~$ lxc network list-leases lxdbr0
+-----------+-------------------+---------------+---------+
| HOSTNAME  |    MAC ADDRESS    |  IP ADDRESS   |  TYPE   |
+-----------+-------------------+---------------+---------+
| bar       | 00:16:3e:e0:36:3a | 10.166.11.185 | DYNAMIC |
+-----------+-------------------+---------------+---------+
| snapcraft | 00:16:3e:be:f1:87 | 10.166.11.120 | DYNAMIC |
+-----------+-------------------+---------------+---------+

lxc alias command

It's now possible to list, create and delete command line aliases directly from the command line tool, rather than having to manually edit the configuration file.

stgraber@castiana:~$ lxc alias list
+--------+-------------------------------------------+
| ALIAS  |                  TARGET                   |
+--------+-------------------------------------------+
| delete | delete -f                                 |
+--------+-------------------------------------------+
| ls     | list -c ns46S                             |
+--------+-------------------------------------------+
| ubuntu | exec @ARGS@ -- sudo --login --user ubuntu |
+--------+-------------------------------------------+

lxc config device override sub-command

To override a particular option of a device that's inherited from a profile, such as the default network interface, you need to create a device that's local to the container and uses the same name as the one from the profile. This device will then take priority over the one coming from the profile and let you set any configuration you want.

To simplify this, the whole process can now be done with lxc config device override, passing it the container, the device and the configuration keys that should be changed.

```bash
stgraber@castiana:~$ lxc launch ubuntu:16.04 c1
Creating c1
Starting c1
stgraber@castiana:~$ lxc config device override c1 eth0 ipv4.address=10.166.11.42
Device eth0 overridden for c1
stgraber@castiana:~$ lxc restart c1
stgraber@castiana:~$ lxc list c1
+------+---------+---------------------+----------------------------------------------+------------+-----------+
| NAME |  STATE  |        IPV4         |                     IPV6                     |    TYPE    | SNAPSHOTS |
+------+---------+---------------------+----------------------------------------------+------------+-----------+
| c1   | RUNNING | 10.166.11.42 (eth0) | 2001:470:b368:4242:216:3eff:fed1:aff3 (eth0) | PERSISTENT | 0         |
+------+---------+---------------------+----------------------------------------------+------------+-----------+
```

Operations now have a description

A new description field is now present in the API for all background operations and is exposed in the command line tool.

```bash
stgraber@castiana:~$ lxc operation list
+--------------------------------------+-----------+---------------------+---------+------------+----------------------+
|                  ID                  |   TYPE    |     DESCRIPTION     | STATUS  | CANCELABLE |       CREATED        |
+--------------------------------------+-----------+---------------------+---------+------------+----------------------+
| 343b1700-c0bd-44fa-8b1f-e6a8fdb91b42 | WEBSOCKET | Migrating container | RUNNING | NO         | 2018/04/03 02:51 UTC |
+--------------------------------------+-----------+---------------------+---------+------------+----------------------+
| 65494c6e-7643-4ed5-8abf-497e57cfdd5c | WEBSOCKET | Executing command   | RUNNING | NO         | 2018/04/03 02:51 UTC |
+--------------------------------------+-----------+---------------------+---------+------------+----------------------+
```

lifecycle type events

A new event class called lifecycle has been introduced, to provide much easier tracking of what LXD is doing from scripts or other API clients, without having to interpret LXD's log messages.

```bash
stgraber@castiana:~$ lxc monitor --type=lifecycle
metadata:
  action: container-updated
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:06.742745596-04:00"
type: lifecycle

metadata:
  action: container-started
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:07.234066242-04:00"
type: lifecycle

metadata:
  action: container-shutdown
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:19.885795751-04:00"
type: lifecycle

metadata:
  action: container-deleted
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:23.813480386-04:00"
type: lifecycle
```
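For audit or monitoring scripts, the lifecycle stream shown above can be parsed into per-container records. The following is an added example, not part of the release notes or of LXD's own code: the function names are hypothetical, and it assumes the events arrive as blank-line-separated YAML blocks with the metadata keys indented beneath `metadata:`.

```python
import re
import sys
from datetime import datetime

# Constructed sample: the four lifecycle events from the session above plus one
# made-up event of another class, to show that non-lifecycle events are skipped.
SAMPLE = '''\
metadata:
  action: container-updated
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:06.742745596-04:00"
type: lifecycle

metadata:
  action: container-started
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:07.234066242-04:00"
type: lifecycle

metadata:
  level: info
  message: constructed non-lifecycle event
timestamp: "2018-04-02T22:53:10.000000000-04:00"
type: logging

metadata:
  action: container-shutdown
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:19.885795751-04:00"
type: lifecycle

metadata:
  action: container-deleted
  source: /1.0/containers/bar
timestamp: "2018-04-02T22:53:23.813480386-04:00"
type: lifecycle
'''

_TS = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)$")


def parse_timestamp(value):
    """Parse an RFC 3339 timestamp, truncating nanoseconds to microseconds."""
    match = _TS.match(value)
    if not match:
        raise ValueError("unrecognised timestamp: %r" % value)
    base, fraction, zone = match.groups()
    micros = (fraction or "")[:6].ljust(6, "0")
    zone = "+00:00" if zone == "Z" else zone
    return datetime.fromisoformat("%s.%s%s" % (base, micros, zone))


def iter_events(lines):
    """Yield one dict per blank-line-separated event block."""
    event, section = {}, None
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            if event:
                yield event
            event, section = {}, None
            continue
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue  # not a "key: value" line
        value = value.strip()
        if line[0].isspace():
            if section is not None:  # nested key under e.g. "metadata:"
                event[section][key] = value.strip('"')
        elif value == "":
            section = key  # start of a nested mapping
            event[section] = {}
        else:
            section = None
            event[key] = value.strip('"')
    if event:
        yield event


def lifecycle_records(events):
    """Return (time, source, action) tuples, dropping malformed or other events."""
    records = []
    for event in events:
        meta = event.get("metadata")
        if event.get("type") != "lifecycle" or not isinstance(meta, dict):
            continue
        if "action" not in meta or "source" not in meta:
            continue
        try:
            when = parse_timestamp(event.get("timestamp", ""))
        except ValueError:
            continue
        records.append((when, meta["source"], meta["action"]))
    return records


def running_time(records):
    """Seconds each source spent between container-started and container-shutdown."""
    started, totals = {}, {}
    for when, source, action in sorted(records):
        if action == "container-started":
            started[source] = when
        elif action == "container-shutdown" and source in started:
            elapsed = (when - started.pop(source)).total_seconds()
            totals[source] = totals.get(source, 0.0) + elapsed
    return totals


if __name__ == "__main__":
    # Assumed usage: lxc monitor --type=lifecycle | python3 lifecycle_audit.py
    for event in iter_events(sys.stdin):
        for when, source, action in lifecycle_records([event]):
            print(when.isoformat(), action, source)
```

Events are emitted once the blank line that ends them has been read, so when reading from a live pipe the most recent event is printed when the next one starts.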

Requirements

LXD 3.0 now requires Go 1.9 or higher. While it may be possible to build it with an older version at this point, there is no guarantee that we won't start making use of newer Go functions in later bugfix releases.

Support and upgrade

LXD 3.0.0 will be supported until June 2023 and our current LTS release, LXD 2.0 will now switch to a slower maintenance pace, only getting critical bugfixes and security updates.

Users of the LXD feature branch (currently at 2.21) should update to 3.0 to keep being supported and get all the bugfixes and new features that LXD 3.0 provides.

Users of the LXD LTS branch (2.0.11) can choose to stay on LXD 2.0 and keep getting critical security fixes or upgrade to LXD 3.0. Those using LXD LTS in critical production environments will likely want to start upgrading a few test systems to LXD 3.0 to check for any potential issue and then upgrade the rest of their machines after LXD 3.0.1 is released.

Availability as a snap package from upstream

The recommended way to install and keep LXD up to date is by using the upstream provided snap package. This ensures that all systems are running the exact same copy of LXD and simplifies the bug reporting and debugging process.

For the LXD snap, 3 tracks are provided:

  • latest (latest LXD feature release, currently 3.0)
  • 2.0 (previous LTS release)
  • 3.0 (current LTS release)

For each of those tracks, 3 channels are maintained:

  • edge (automatic, untested builds from the upstream repository)
  • candidate (the future stable build, available for testing about 48h prior to promotion)
  • stable (the current stable, supported build)

Users who wish to install LXD 3.0 and then get upgraded to 3.1 in a month or so, should use:

snap install lxd

Users who wish to install LXD 3.0 and then only get bugfixes and security updates, should use:

snap install lxd --channel=3.0

If running staging systems, you may want to run those on the candidate channels, using --channel=candidate and --channel=3.0/candidate respectively.

Switching between tracks and channels is possible by using snap refresh but note that LXD doesn't support downgrading and will fail to start if you attempt it.

Downloads

Contributors

The LXD 3.0.0 release was brought to you by a total of 18 contributors.

LXD 2.21 has been released

20th of December 2017

The changes in this release include

Features:

  • The lxc start/stop/restart/pause commands now accept a new --all flag.
  • Introduced a new infiniband device type which supports physical passthrough of Infiniband devices as well as SR-IOV allocated cards.
  • Added a new security.devlxd configuration key to control the presence of /dev/lxd inside the container.
  • Added support for incremental memory copy with container live-migration. This is controlled by a set of new migration.incremental.memory configuration keys.
  • A new boot.stop.priority configuration key can be used to control container shutdown order when LXD is brought down.
  • LXD users that use MAAS to manage their networks can now have LXD directly drive MAAS, recording all containers in MAAS and setting up static allocations in MAAS managed subnets. This is controlled with the maas.api.url and maas.api.key daemon keys as well as the maas.subnet.ipv4 and maas.subnet.ipv6 network interface configuration keys.

Bugfixes:

  • client: URL escape all user input (Issue #4077)
  • doc: Add example to create a storage pool from existing LVM thinpool.
  • doc: Fix markdown escaping for prlimits
  • doc: Update LVM documentation to cover scalability issues
  • extra: Fix some profile autocompletions
  • i18n: Update translations from weblate
  • lxc: Detect first-run based on conf file not dir (Issue #4112)
  • lxc/exec: Update help to cover shell behavior
  • lxc/shell: Switch to using su -l (Issue #4036)
  • lxd-benchmark: Change the default count of containers from 100 to 1
  • lxd/certificates: Add missing name value (Issue #4080)
  • lxd/console: Adapt to new liblxc changes
  • lxd/containers: Actually return an error
  • lxd/containers: Add new disk-{char,block} path format
  • lxd/containers: Add new unix-{char,block} path format
  • lxd/containers: Escape paths fstab style (Issue #4064)
  • lxd/containers: Fix insertNetworkDevice()
  • lxd/containers: Fix race condition in shutdown (Issue #4102)
  • lxd/containers: Fix typo in prlimit error
  • lxd/containers: Log auto-start errors (Issue #4054)
  • lxd/containers: Only init the config if needed
  • lxd/containers: Skip non-existing Nvidia GPU devices (Issue #4044)
  • lxd/containers: Skip sockets in tarballs
  • lxd/daemon: Fix unsetting https address
  • lxd/daemon: Properly cache the storage information (Issue #4025)
  • lxd/daemon: Add LXD_EXEC_PATH to override execPath
  • lxd/devlxd: Cleanup in preparation for events
  • lxd/devlxd: Properly lock the internal struct
  • lxd/migration: Add handler for CRIU feature checking
  • lxd/migration: Default to pre-copy migration if CRIU supports it
  • lxd/migration: Move pre-dump check to its own function
  • lxd/migration: Remove obsolete TODO comment
  • lxd/networks: Extend allowed character set for interfaces (Issue #4042)
  • lxd/patches: Skip containers that don't have a devices dir
  • lxd/patches: Update to new device name scheme
  • lxd/storage: Use HostPath for dir/btrfs
  • lxd/storage/zfs: Fix argument order of zfs get commands
  • lxd/storage/zfs: Fix storage pool import (Issue #4056)
  • lxd/storage/zfs: Make sure to allow devices, setuid and exec (Issue #4084)
  • Makefile: Better detect sqlite3.h (Issue #4078)
  • shared/idmap: Fix handling of hardlinks
  • shared/util: Add EscapePathFstab() (Issue #4064)
  • shared/utils: Deal with symlinks (Issue #4097)
  • tests: Adapt to changes in console API behavior
  • tests: Deal with missing ttyS0/ttyS1 (on s390x)
  • tests: Skip console tests on lower liblxc versions
  • travis: Limit to just Go 1.9

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.20 has been released

15th of November 2017

The changes in this release include

Features:

  • New lxc console subcommand and console API to attach to the container's boot console or retrieve the boot log
  • New lxc operation subcommand to list and cancel background operations.
  • Added support for SR-IOV network devices (nictype=sriov) including dynamic allocation of new virtual functions
  • Support for delegated external authentication through macaroons (using the go-bakery v2 protocol)

Bugfixes:

  • client: Add GetOperationUUIDs and GetOperations
  • client: Name all the return values in interfaces
  • doc: Fix markdown escaping
  • doc: Sort container config keys
  • doc: Sort network config keys
  • doc: Sort server.md config keys
  • doc: Sort storage config keys
  • extra: Update bash completion for all the new keys
  • global: Fix a number of unchecked variables
  • global: Fix some typos
  • global: Revert "Temporary workaround for log15 API breakage"
  • global: Switch to the built-in log15
  • lxc/file: Log downloads/uploads (Issue #4018)
  • lxc/network: Fix error message
  • lxd-benchmark: use NewConfig to get a default configuration
  • lxd/containers: Detect version at runtime (Issue #3934)
  • lxd/containers: Don't allow removing lxc.conf or lxc.log
  • lxd/containers: Rename container.StateObject() to container.DaemonObject()
  • lxd/daemon: Add an endpoints.Endpoints class for managing HTTP endpoints
  • lxd/daemon: Add cpu profiling and goroutines printing to the debug sub-package
  • lxd/daemon: Add error messages to lxdTestSuite setup and teardown
  • lxd/daemon: Add initial Go-level daemon integration-like test
  • lxd/daemon: Add lxd/config sub-package implementing structured config maps
  • lxd/daemon: Add lxd/task sub-package for running functions periodically
  • lxd/daemon: Add new debug sub-package with support for memory profiling
  • lxd/daemon: Add node.Config high-level API for modifying node-level config
  • lxd/daemon: Cleanup test state at every test, to improve isolation.
  • lxd/daemon: Control all goroutines spawned in Daemon.Ready() using task.Task
  • lxd/daemon: Don't skip Daemon.Ready() in tests, it can be run unconditionally
  • lxd/daemon: Don't use global path variables in sys.OS
  • lxd/daemon: Drop logging setup in Daemon.Init()
  • lxd/daemon: Drop support for "setup mode"
  • lxd/daemon: Drop the containerLXC.OS() convenience
  • lxd/daemon: Drop unnecessary checks on MockMode
  • lxd/daemon: Extract initialization of the REST and /dev/lxd http Server
  • lxd/daemon: Gracefully cancel tasks on daemon shutdown
  • lxd/daemon: Improve error on invalid config key (Issue #3925)
  • lxd/daemon: Move directory initialization to sys.OS.
  • lxd/daemon: Move execPath global variable to sys.OS.ExecPath
  • lxd/daemon: Move global aaAdmin global variable to sys.OS
  • lxd/daemon: Move global aaAvailable global variable to sys.OS
  • lxd/daemon: Move global aaConfined global variable to sys.OS
  • lxd/daemon: Move global aaStacking global variable to sys.OS
  • lxd/daemon: Move global cgBlkioController global variable to sys.OS
  • lxd/daemon: Move global cgCpuController global variable to sys.OS
  • lxd/daemon: Move global runningInUserns global variable to sys.OS
  • lxd/daemon: Move optional Daemon config values to DaemonConfig
  • lxd/daemon: Move remaining global cgXXX global variables to sys.OS
  • lxd/daemon: Move util.AppArmorCanStack to a private appArmorCanStack in lxd/sys
  • lxd/daemon: Streamline Daemon init and shutdown
  • lxd/daemon: Track the lifecycle of the goroutine performing log expiration
  • lxd/daemon: Tweak schedule function for pruning images
  • lxd/daemon: Use instance-level cache dir variable instead of the environment one
  • lxd/daemon: Use instance-level log dir variable instead of the environment one
  • lxd/daemon: Use instance-level var dir variable instead of the environment one
  • lxd/daemon: Wire debug utilities into main_daemon.go
  • lxd/daemon: Wire endpoints.Endpoints into Daemon
  • lxd/db: Add a db.NodeTx structure to abstract away low-level transactions
  • lxd/db: Add a Schema.Fresh() method to set a "bootstrap" SQL statement
  • lxd/db: Add db APIs for fetching and changing node-local config values
  • lxd/db: Add db.NewTestNode helper for database-related unit tests
  • lxd/db: Add low-level query helpers for changing config tables
  • lxd/db: Add query.Count utility
  • lxd/db: Add Schema.ExerciseUpdate() for testing an individual update
  • lxd/db: Add support for gracefully aborting schema.Ensure
  • lxd/db: Complete moving schema creation logic to schema.Schema
  • lxd/db: Convert a few call sites of sql.DB.Begin to db.DB.Begin
  • lxd/db: Convert remaining call sites of the low-level db.Begin function
  • lxd/db: Drop all references to Daemon.nodeDB
  • lxd/db: Fix spurious tx.Exec argument in lxd/db/schema/query.go
  • lxd/db: Move certificate db APIs to the db.Node facade
  • lxd/db: Move container db APIs to the db.Node facade
  • lxd/db: Move devices db APIs to the db.Node facade
  • lxd/db: Move image db APIs to the db.Node facade
  • lxd/db: Move network db APIs to the db.Node facade
  • lxd/db: Move node-level schema updates to their own db/local/ sub-package.
  • lxd/db: Move patches db APIs to the db.Node facade
  • lxd/db: Move profile db APIs to the db.Node facade
  • lxd/db: Move storage db APIs to the db.Node facade
  • lxd/db: Remove direct use of the low-level db.Exec() func outside of lxd/db/
  • lxd/db: Rename Daemon.db to Daemon.nodeDB
  • lxd/db: Rename db.Exec to db.exec, making it unexported
  • lxd/db: Rename db.QueryScan to db.queryScan, making it unexported
  • lxd/db: Rename db_test.go to db_internal_test.go, since it's white box
  • lxd/db: Rename State.DB to State.NodeDB
  • lxd/db: Return the initial schema version in Schema.Ensure()
  • lxd/import: Use the right VG name on delete
  • lxd/main: Fix output of --print-goroutines-every
  • lxd/networks: Don't require a 1400 MTU with tunnels (Issue #3999)
  • lxd/seccomp: Fix security.syscalls.blacklist handling
  • lxd/storage: Drop the storageShared.OS() convenience
  • lxd/storage: Generate new UUID on thinpools for btrfs
  • lxd/storage/zfs: Try to import missing zpools (Issue #3976)
  • lxd/storage/zfs: Update for newer ZFS releases (Issue #3986)
  • shared: Add a shared.KeyPairAndCA function to get conventionally named certs
  • shared: Fix file transfers to/from stdin/stdout in snap
  • shared: Make current gofmt happy
  • shared/api: Add API extension label to AuthMethods
  • shared/log15: Vendor a copy of log15 in shared/log15
  • shared/logger: Add helper to redirect the global logger to the testing logger
  • shared/logging: Add freebsd build conditional to log_posix.go
  • shared/version: Extract the APIExtensions list from api10Get
  • shared/version: Split version declarations in shared/version into several files
  • tests: Add test for unique btrfs UUID generation
  • tests: Add test for unused variables
  • tests: Check for typos
  • tests: Don't use godeps for import check
  • tests: Skip prlimits on liblxc < 2.1
  • tests: Update for new dependencies

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.11 release announcement

19th of October 2017

This is the eleventh bugfix release for LXD 2.0.

The changes since LXD 2.0.10 are

Minor improvements:

  • LXD 2.0.11 is now snap aware and can be installed from the "2.0" track.
  • The documentation is now available on ReadTheDocs: https://lxd.readthedocs.io/en/stable-2.0/
  • It's now possible to interrupt image downloads.
  • Added a new security.idmap.base config key (overrides the base uid/gid of the container).
  • Added support for delta image downloads.
  • Implemented instance types as a proxy for resource limits.
  • The user-agent string was expanded to include OS and kernel information.
  • The client library and related code is now kept in sync with master.
  • The command line client has been ported to the new client library.

Bugfixes:

  • client: Add CancelTarget to RemoteOperation
  • client: Add CreateContainerFromImage function
  • client: Added insecureSkipVerify flag to the ConnectionArgs struct
  • client: Add extra exec option to block on I/O
  • client: Add GetServerResources()
  • client: Add GetStoragePoolResources()
  • client: Add image_create_aliases backward compat
  • client: Add RenameStoragePoolVolume()
  • client: Allow canceling image download from LXDs
  • client: Allow specifying base http client
  • client: Cleanup code duplication in image download code
  • client: Commonize error handling
  • client: Don't live migrate stopped containers
  • client: Drop experimental tag from new client
  • client: Fail if source isn't listening on network
  • client: Fix crash in operation handler
  • client: Fix crash when missing cookiejar
  • client: Fix handling of public LXD remote
  • client: Fix image copy
  • client: Fix non-interactive exec hangs
  • client: Fix potential race in event handler setup
  • client: Fix race condition in operation handling
  • client: Implement container and snapshot copy
  • client: Implement push and relay container copy
  • client: Implement remote operations
  • client: Improve error on image copy
  • client: Improve migration relay code
  • client: Keep track of protocol
  • client: Make it possible to retrieve HTTP client
  • client: Make the authentication Interactor configurable
  • client: Move CopyImage to the target server
  • client: Only set file headers if value is provided
  • client: Properly handle remote disconnections
  • client: Reduce request logging to Debug
  • client: Simplify ConnectPublicLXD logic
  • client: Support for macaroons-based authentication
  • client: Sync with master branch
  • client: Use RemoteOperation for CopyImage
  • config: Add support for CookieJar
  • config: Try to be clever about ":" in snapshots
  • doc: Add a note about blkio limits
  • doc: Add section on macvlan vs bridge
  • doc: Add SUPPORT.md
  • doc: Document instance types
  • doc: Document that squashfs images can also be used
  • doc: Document the exec control API
  • doc: Extend/rework security-related documentation.
  • doc: Fix lxd.log location in issue template
  • doc: Fix spaces, commas, quotes, brackets where needed
  • doc: Initial documentation of container env
  • doc: Refresh the issue template
  • doc: Seriously rework the content of the README
  • doc: Sort container config keys
  • doc: Sort server.md config keys
  • doc: Update containers.md
  • extra/lxc-to-lxd: Fix bad test
  • extra/lxc-to-lxd: Ignore capabilities dropped by default
  • extra/lxc-to-lxd: Ignore sysfs/proc mounts
  • extra/lxc-to-lxd: Properly handle lxc.seccomp
  • i18n: Update Japanese translation (for stable-2.0)
  • lxc: Add plumbing for operation cancelation
  • lxc: Cross-platform HOME handling
  • lxc: Fix help to provide sample that actually works
  • lxc: Fix import crash when adding properties
  • lxc: Fix race in progress reporter
  • lxc: Properly record alias source on copy
  • lxc: Re-introduce remote protocol migration
  • lxc: Respect HOME if set
  • lxc/config: Removal of multiple devices at once
  • lxc/copy: Report progress data
  • lxc/delete: Fix lxc delete --force description
  • lxc/exec: Fix signal handler for Windows
  • lxc/exec: Fix Windows port
  • lxc/file: Fix file push/pull with names containing spaces.
  • lxc/file: Read file perms from Windows FS
  • lxc/file: Use shared.HostPath for push/pull
  • lxc/image: Always use long fingerprint in exported filenames
  • lxc/image: Expose the "cached" flag
  • lxc/image: Fix aliases with simplestreams remotes
  • lxc/image: Fix "lxc image copy" not recording the source
  • lxc/image: Fix regression in exported filename
  • lxc/image: Improve filter handling
  • lxc/image: Make "lxc image copy" fast again
  • lxc/image: Update image aliases when they already exist
  • lxc/image: Use shared.HostPath for import/export
  • lxc/init: Fix failure to launch containers with random names
  • lxc/list: Error if --columns and --fast are used together
  • lxc/move: Use force on delete
  • lxc/publish: Fix fingerprint printing
  • lxc/remote: Don't require a cert for public remotes
  • lxc/utils: Avoid potential progress race condition
  • lxc/utils: Println doesn't do format strings
  • lxd-benchmark: Add CreateContainers function
  • lxd-benchmark: Add csv reporting
  • lxd-benchmark: Add freezeContainer function
  • lxd-benchmark: Add processBatch function, use it in SpawnContainers and DeleteContainers
  • lxd-benchmark: Add "spawn" as equivalent but deprecated to "launch"
  • lxd-benchmark: Add start and stop commands
  • lxd-benchmark: Add StartContainers function
  • lxd-benchmark: Add StopContainers function
  • lxd-benchmark: Change name of spawn command to launch
  • lxd-benchmark: Extract deleteContainer and copyImage functions
  • lxd-benchmark: Extract ensureImage function
  • lxd-benchmark: Extract getBatchSize function
  • lxd-benchmark: Extract GetContainers function
  • lxd-benchmark: Extract logic to separate package
  • lxd-benchmark: Extract PrintServerInfo function
  • lxd-benchmark: Extract printTestConfig function
  • lxd-benchmark: Fix ensureImage when a local alias is passed
  • lxd-benchmark: Fix local image handling
  • lxd-benchmark: Return operations duration
  • lxd-benchmark: Split private functions to separate files
  • lxd-benchmark: Use NewConfig to get a default configuration
  • lxd: Add initial lxd/sys sub-package and OperatingSystem structure
  • lxd: Fix typo now -> know
  • lxd: Make .dir-locals.el play nice with flycheck
  • lxd: Replace some uses of InternalError with SmartError
  • lxd: Use sql.DB or sys.OS instead of Daemon where possible
  • lxd/apparmor: Drop useless apparmor denies
  • lxd/apparmor: Support new stacking syntax
  • lxd/containers: Allow passing disk devices with the LXD snap
  • lxd/containers: Better handle errors in memory reporting
  • lxd/containers: Check for container mountpoint too
  • lxd/containers: Check whether disk device exists
  • lxd/containers: Cleanup volatile keys on update
  • lxd/containers: Detect POLLNVAL when poll()ing during exec
  • lxd/containers: Fix readonly mode for directory mount
  • lxd/containers: Make "dev" work as a network interface name
  • lxd/containers: Remove from db on storage failure
  • lxd/containers: Show underlying error when container delete fails
  • lxd/containers: Update to support LXC 2.1 configuration keys
  • lxd/containers: Use lxc.network.N.
  • lxd/daemon: Don't update images while pruning
  • lxd/daemon: d.os.Init must be run after all paths are created
  • lxd/daemon: Extract Daemon.ExpireLogs into a standalone function
  • lxd/daemon: Extract Daemon.GetListeners into a standalone function
  • lxd/daemon: Extract Daemon.httpClient into a standalone HTTPClient function
  • lxd/daemon: Extract Daemon.ListenAddresses into a standalone function
  • lxd/daemon: Extract Daemon.PasswordCheck into a standalone function
  • lxd/daemon: Extract Daemon.SetupStorageDriver into a standalone function
  • lxd/daemon: Finish replacing Daemon with State also in higher-level entity APIs
  • lxd/daemon: Fix handling of config triggers
  • lxd/daemon: Improve error on invalid config key
  • lxd/daemon: Log a warning for unknown config keys and don't crash
  • lxd/daemon: Move Daemon.BackingFs to the OS struct
  • lxd/daemon: Move Daemon.IdmapSet to OS.IdmapSet
  • lxd/daemon: Move Daemon.isRecursionRequest to the lxd/util sub-package
  • lxd/daemon: Move Daemon.lxcpath to OS.LxcPath
  • lxd/daemon: Move Daemon.MockMode to OS.MockMode
  • lxd/daemon: Move Daemon.CheckTrustState and Daemon.isTrustedClient to lxd/util
  • lxd/daemon: Move filesystemDetect function into lxd/util subpackage.
  • lxd/daemon: Move lxd/util.go into its own lxd/util/ sub-package
  • lxd/daemon: Replace Daemon with State in all model entities
  • lxd/daemon: Reset the images auto-update loop when configuration changes
  • lxd/daemon: Simplify time channels
  • lxd/daemon: Use select and save goroutines
  • lxd/db: Add db/query sub-package with common query helpers
  • lxd/db: Add db/schema sub-package for managing database schemas
  • lxd/db: Add query.Transaction
  • lxd/db: Add Schema.Dump() method for flattening a series of schema updates
  • lxd/db: Add schema.NewFromMap convenience to create a schema from a map.
  • lxd/db: Automatically generate database schema from database updates
  • lxd/db: Don't special-case mock mode unnecessarily in db patches
  • lxd/db: Drop dependencies on Daemon
  • lxd/db: Fix bad DB schema update between schema 30 and 31
  • lxd/db: Fix database upgrade logic not inserting interim versions
  • lxd/db: Move db*.go files into their own db/ sub-package
  • lxd/db: Separate db-level update logic from daemon-level one
  • lxd/db: Wire new schema code into db.go
  • lxd/devices: Add support for isolcpu in CPU scheduler
  • lxd/devices: Don't mark all cpus isolated by default
  • lxd/devices: Fix handling of major and minor numbers in device IDs
  • lxd/devices: Fix sorting order of devices
  • lxd/devices: Handle empty isolcpus set
  • lxd/devices: Take all 32 bits of minor device number
  • lxd/events: Fix race condition in event handlers
  • lxd/images: Actually get the list of images to remove
  • lxd/images: Always expand fingerprint
  • lxd/images: Carry old "cached" value on refresh
  • lxd/images: Clear error for image not found
  • lxd/images: Don't access the returned struct in case of error
  • lxd/images: Fix image refresh when fingerprint is passed
  • lxd/images: Fix ordering of compressor arguments
  • lxd/images: Fix potential double unlock
  • lxd/images: Fix private image copy with partial fp
  • lxd/images: Fix regression in image auto-update logic
  • lxd/images: Initialize image info in direct download case
  • lxd/images: Properly extract the image expiry
  • lxd/images: Respect disabled cache expiry
  • lxd/images: Store UploadedAt as RFC3339
  • lxd/init: Add a cmd.Parser helper for parsing command line flags
  • lxd/init: Consolidate interactive/auto init logic with the preseed one
  • lxd/init: Extract code asking init questions to individual methods
  • lxd/init: Extract logic to fill init data to standalone methods
  • lxd/init: Extract validation of --auto args into a separate method
  • lxd/init: Make the log cmdInit unit-testable
  • lxd/init: Move state-changing inline functions to own methods
  • lxd/init: Plug cmd.Parser into main.go
  • lxd/init: Properly set default port
  • lxd/main: Fix error message when log path is missing
  • lxd/migration: Fix live migration (bad URL in dumpsuccess)
  • lxd/networks: Don't require ipt_checksum
  • lxd/patches: Convert UploadedAt to RFC3339
  • lxd/rsync: Handle sparse files when rsyncing
  • lxd/shutdown: Only timeout if told to
  • lxd/storage/btrfs: Workaround btrfs bug
  • lxd/storage/dir: Unfreeze on rsync error
  • lxd/storage/rsync: Ignore vanished file warnings
  • Makefile: Fix static-analysis target
  • Makefile: Update pot before po
  • network: Do not update limits unconditionally
  • shared: Add wrapper to translate host paths
  • shared: Cleanup use of log
  • shared: Fix bad check for snap paths
  • shared: Fix growing of buf in GroupId
  • shared: Fix new golint warning
  • shared: Move GetRemoteCertificate from lxc/remote
  • shared: Move idmap/acl functions to a separate package
  • shared: Move testhelpers into shared/osarch for now
  • shared: Use custom error type for RunCommand
  • shared: Vendor the subtest compatibility shim in shared/subtest
  • shared: Websocket proxy should proxy everything
  • shared/api: Add API for editing containers metadata.yaml and template files
  • shared/api: Add container template files operations.
  • shared/api: Add server resource api structs
  • shared/api: Add storage pool resource api structs
  • shared/api: Add StorageVolumePost
  • shared/api: Add support for macaroons-based authentication indicator
  • shared/api: Extensions go at the bottom
  • shared/api: Implement complete push migration
  • shared/api: Migration: state{ful,less} snapshot migration
  • shared/api: Split storage in separate files for pools and volumes
  • shared/api: Sync with master branch
  • shared/canceler: Support canceling with parallel downloads
  • shared/canceler: Fix return value ordering
  • shared/canceler: Use request Cancel channel
  • shared/cmd: Don't depend on testify in the cmd package
  • shared/cmd: Update to match master
  • shared/idmap: Disallow hostids intersecting subids
  • shared/idmap: Fix numerous issues
  • shared/idmap: Fix tests
  • shared/idmap: Make ACL failures more verbose
  • shared/logger: Temporary workaround for log15 API breakage
  • shared/network: Add some more TLS ciphers
  • shared/network: Sync TLS handling with master
  • shared/osarch: Add function for parsing /etc/os-release
  • shared/osarch: Add missing architecture aliases
  • shared/osarch: Fix uname handling on some architectures
  • shared/util: Add helper to create tempfiles
  • shared/util: Extract helper to get uname
  • shared/util: Guess size when sysconf() returns -1
  • shared/util: Implement mountpoint checking
  • shared/util: More snap handling logic
  • shared/util: Shift xattr ACLs uid/gid
  • shared/util: Sync ParseLXDFileHeaders with master
  • shared/version: Add helper to get platform-specific versions
  • shared/version: Only include kernel version, not build id
  • tests: Add a test for read-only disks
  • tests: Add new dependencies
  • tests: Add performance regression tests
  • tests: Add storage helpers
  • tests: Add support for LXD_TMPFS to perf.sh
  • tests: Add test for disallowing hostid in subuid
  • tests: Also measure batch startup time in perf.sh
  • tests: bump image auto update limit to 20min
  • tests: Clear database state in the mock daemon after each lxdSuiteTest
  • tests: Don't attempt to finger public remotes
  • tests: Don't copy running lvm/ceph containers
  • tests: Fix bad raw.lxc test
  • tests: Fix dependency check
  • tests: Fix image_auto_update test
  • tests: Fix image expiry test
  • tests: Fix shell return value masking
  • tests: Function to include storage backends helpers
  • tests: include lvm in image auto update
  • tests: More apparmor presence checking
  • tests: Refactor cleanup functions
  • tests: Setup basic channel handler for triggers
  • tests: Skip apparmor tests when no kernel support
  • tests: Split out lxc and lxd related helper functions
  • tests: Split out network-related helper functions
  • tests: Split out storage-related helper functions
  • tests: Split out test setup related helper functions
  • tests: Support running individual testify test suites
  • tests: Switch to new storage helpers
  • tests: Update perf.sh to "lxd-benchmark launch"
  • tests: use "--force" everywhere on stop
  • tests: Use in-memory db for tests (makes them faster)
  • tests: Use testimage for perf testing
  • tests: Validate that the right busybox is present
  • tests: Wait up to 2 minutes for image updates

Downloads

The release tarballs can be found on our download page.

LXD 2.19 has been released

18th of October 2017

The changes in this release include

Features:

  • The LXD documentation is now available at https://lxd.readthedocs.io
  • A new "resources" API was added, making it possible to get CPU and memory information as well as storage pool sizes from the API. In the client, this maps to "lxc info --resources" and "lxc storage show NAME --resources".
  • A new set of limits.kernel.[limit name] container configuration keys are available to tweak the various kernel process limits for the container.
  • The command line client now has a number of "rename" subcommands, for profiles, networks and image aliases. The top-level "rename" command was also updated to match.
  • The LXD API now allows renaming of custom storage volumes. In the client tool, this can be done through "lxc storage volume rename".
  • Extended the LXD user-agent to include the kernel version, architecture and OS name and release. This will allow LXD image servers to show a filtered image list when applicable.
  • Added a new insecureSkipVerify flag to the ConnectionArgs struct in the client, allowing connections to a LXD host that bypass any kind of TLS validation.

Bugfixes:

  • doc: Document instance types
  • doc: Document that squashfs images can also be used
  • github: Add SUPPORT.md
  • github: Refresh the issue template
  • global: Add some more TLS ciphers (Issue #3822)
  • lxc/file: Use shared.HostPath for push/pull
  • lxc/image: Fix regression in exported filename (Issue #3869)
  • lxc/image: Use shared.HostPath for import/export
  • lxc/storage: Fix remote operations
  • lxd-benchmark: Add "spawn" as equivalent but deprecated to "launch"
  • lxd-benchmark: Change name of spawn command to launch
  • lxd/apparmor: Drop useless apparmor denies
  • lxd/daemon: Don't update images while pruning
  • lxd/daemon: Fix handling of config triggers
  • lxd/daemon: Simplify time channels
  • lxd/db: Fix bad DB schema update between schema 30 and 31 (Issue #3878) (Issue #3890)
  • lxd/images: Actually get the list of images to remove
  • lxd/images: Fix bad error message
  • lxd/images: Respect disabled cache expiry
  • lxd/images: Store UploadedAt as RFC3399
  • lxd/import: Check for on-disk only snapshots
  • lxd/import: Re-create mountpoints and symlinks
  • lxd/import: Rewrite (Issue #3682)
  • lxd/init: Only nest btrfs if container is on btrfs
  • lxd/migration: Fix lvm stateful restores
  • lxd/migration: Fix stateless incremental containers (Issue #3798)
  • lxd/network: Better handle dnsmasq version checks (Issue #3837)
  • lxd/network: Do not update limits unconditionally (Issue #3920)
  • lxd/networks: Fix renaming networks (Issue #3912)
  • lxd/networks: Update dnsmasq on container renames
  • lxd/patches: Convert UploadedAt to RFC3399
  • lxd/resources: Deal with missing cpufreq directory
  • lxd/storage: Add growFileSystem helper
  • lxd/storage: Add shrinkFileSystem helper
  • lxd/storage: Add shrinkVolumeFilesystem helper
  • lxd/storage: Have "usedby" functions return empty slice
  • lxd/storage: Ignore vanished file warnings during rsync (Issue #3859)
  • lxd/storage: Move check for type into api
  • lxd/storage: Re-import image if volume filesystem has changed
  • lxd/storage: Rework container volume properties
  • lxd/storage: Rework storage pool updating (Issue #3834)
  • lxd/storage: Rework storage volume updating
  • lxd/storage: Support resizing btrfs-based volumes
  • lxd/storage/btrfs: Existence check before container delete (Issue #3775)
  • lxd/storage/btrfs: Existence check before custom delete (Issue #3775)
  • lxd/storage/btrfs: Existence check before image delete (Issue #3775)
  • lxd/storage/btrfs: Existence check before snapshot delete (Issue #3775)
  • lxd/storage/btrfs: Remove dependency on symlink
  • lxd/storage/btrfs: Workaround btrfs bug (Issue #3843)
  • lxd/storage/ceph: Check for mountpoint before calling umount
  • lxd/storage/ceph: Correctly implement (none-)live migration
  • lxd/storage/ceph: Existence check before container delete (Issue #3775)
  • lxd/storage/ceph: Existence check before custom delete (Issue #3775)
  • lxd/storage/ceph: Existence check before pool delete (Issue #3775)
  • lxd/storage/ceph: Existence check before snapshot delete (Issue #3775)
  • lxd/storage/ceph: Handle volume.block.filesystem update
  • lxd/storage/ceph: Remove size property from OSD pools
  • lxd/storage/ceph: Use [grow|shrink]FileSystem helpers
  • lxd/storage/dir: Check whether pool is already mounted (Issue #3938)
  • lxd/storage/dir: Make sure pool is mounted (Issue #3938)
  • lxd/storage/lvm: Existence check before container delete (Issue #3775)
  • lxd/storage/lvm: Existence check before custom delete (Issue #3775)
  • lxd/storage/lvm: Existence check before image delete (Issue #3775)
  • lxd/storage/lvm: Existence check before pool delete (Issue #3775)
  • lxd/storage/lvm: Mount xfs snapshots with "nouuid"
  • lxd/storage/lvm: Non-functional changes
  • lxd/storage/lvm: Re-import image on thinpool-based pools if volume filesystem has changed
  • lxd/storage/lvm: Use DottedVersion for version comparison
  • lxd/storage/zfs: Existence check before custom delete (Issue #3775)
  • lxd/storage/zfs: Existence check before delete for pools (Issue #3775)
  • shared: Cleanup use of the log package
  • shared: Move testhelpers into shared/osarch for now
  • shared/api: Consistent file names
  • shared/api: Split storage in separate files for pools and volumes
  • shared/canceler: Support canceling with parallel downloads
  • shared/idmap: Fix numerous issues (Issue #3946)
  • shared/idmap: Make ACL failures more verbose
  • shared/logger: Temporary workaround for log15 API breakage
  • shared/util: Implement mountpoint checking (Issue #3877)
  • shared/util: More snap handling logic
  • tests: Add stateless live migration tests
  • tests: Add tests for btrfs resize
  • tests: Add tests using btrfs on LVM and ceph volumes
  • tests: Fix bad raw.lxc test
  • tests: Fix dependency check
  • tests: Fix image expiry test
  • tests: Fix shell return value masking
  • tests: Setup basic channel handler for triggers
  • tests: Test mountpoint and symlink recreation
  • tests: Update and expand container import tests
  • tests: Update perf.sh to "lxd-benchmark launch"
  • tests: Use 50MB as minimal block dev size for xfs

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.18 has been released

20th of September 2017

The changes in this release include

New features:

  • The btrfs filesystem can now be used on LVM and Ceph storage pools
  • Our internal "lxd-benchmark" tool is now a first class utility
  • "lxd-benchmark" can now generate performance reports
  • It's now possible to move a running container in the background, only stopping it at the last minute (using the --stateless option)
  • A new "ceph.osd.force_reuse" storage pool property was added to limit accidental import of used Ceph pools

Bugfixes:

  • client: Reduce request logging to Debug level
  • doc: Link to release notes and downloads (Issue #3709)
  • doc: Tweak docker instructions (Issue #3712)
  • lxc/delete: Fix the --force description
  • lxc/image: Fix import crash when adding properties (Issue #3803)
  • lxc/move: Use force on delete
  • lxd-benchmark: Big code refactoring
  • lxd/apparmor: Support new stacking syntax
  • lxd/containers: Check for container mountpoint too
  • lxd/containers: Fix handling of major and minor numbers in device IDs
  • lxd/containers: Remove from db on storage failure (Issue #3782)
  • lxd/daemon: Refactoring of State as a separate package
  • lxd/daemon: Reset the images auto-update loop when configuration changes
  • lxd/db: Add db/query sub-package with common query helpers
  • lxd/db: Add db/schema sub-package for managing database schemas
  • lxd/db: Automatically generate database schema from database updates
  • lxd/events: Fix race condition in event handlers (Issue #3770)
  • lxd: Fix typo in comment
  • lxd/images: Fix ordering of compressor arguments
  • lxd/images: Fix private image copy with partial fp
  • lxd/images: Properly extract the image expiry
  • lxd/init: Code refactoring
  • lxd/init: Fix btrfs subvolume creation
  • lxd/init: Improve default storage backend selection
  • lxd/init: Re-order btrfs questions
  • lxd/main: Fix error message when log path is missing
  • lxd/migration: Fix live migration (bad URL in dumpsuccess) (Issue #3715)
  • lxd/networks: Allow for duplicate IPs (Issue #3721)
  • lxd/networks: Don't require ipt_checksum
  • lxd/networks: Fix bridging devices with IPv6 link-local (Issue #3727)
  • lxd/networks: Make dnsmasq quiet when not in debug mode
  • lxd/networks: Only add --quiet options to dnsmasq if version supports them
  • lxd/networks: Switch to a directory based dhcp-host (Issue #3694)
  • lxd/patches: Make dir pool use bind-mount
  • lxd/patches: Move patch to the right part of the file
  • lxd/storage: Don't mask error messages
  • lxd/storage: Extend makeFSType, remove duplicated mkfs.* code
  • lxd/storage: If volume creation fails, delete DB entry
  • lxd/storage: Only validate config changes
  • lxd/storage/ceph: Add note about filesystems for Ceph cluster
  • lxd/storage/ceph: Fix divide error in size calculation
  • lxd/storage/ceph: Generate a new xfs UUID (Issue #3752)
  • lxd/storage/ceph: Implement resizing (Issue #3760)
  • lxd/storage/ceph: Sanitize path return from rbd map (Issue #3726)
  • lxd/storage/ceph: Set ACL on container copy
  • lxd/storage/ceph: Use Storage{Start,Stop}()
  • lxd/storage/ceph: Use UUID when creating zombie storage volumes (Issue #3780)
  • lxd/storage/dir: Use bind-mount for pools outside ${LXD_DIR}
  • lxd/storage/dir: Use correct function
  • lxd/storage/lvm: Generate a new xfs UUID on thinpool copy
  • lxd/storage/lvm: Report error on wrong storage type
  • lxd/storage/lvm: Require resize request to be at least 1MB
  • lxd/storage/zfs: Use "referenced" property when zfs.use_refquota=true
  • shared: Add helpers to parse/compare versions
  • shared: Fix growing of buf in GroupId (Issue #3711)
  • shared: Guess size when sysconf() returns -1
  • shared/api: Fix new golint warning
  • shared/idmap: Disallow hostids intersecting subids
  • shared/idmap: Move idmap/acl functions to a separate package
  • shared/subtest: Vendor the subtest package
  • tests: Add more ceph tests
  • tests: Add support for LXD_TMPFS to perf.sh
  • tests: Add test for disallowing hostid in subuid (Issue #3416)
  • tests: Also measure batch startup time in perf.sh
  • tests: Bump image auto update limit to 20min
  • tests: Ceph test volume resizing
  • tests: Container import fixes
  • tests: Don't copy running lvm/ceph containers
  • tests: Include LVM in image auto update
  • tests: Limit ceph volumes to 25MB
  • tests: Lower pg number for OSD pools
  • tests: Non-functional changes
  • tests: Resize block size to 200MB
  • tests: Use "--force" everywhere on stop
  • tests: Use testimage for perf testing
  • tests: Wait up to 2 minutes for image updates

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.17 has been released

23rd of August 2017

The changes in this release include

New features:

  • Add support for specifying the ceph user (using the "ceph.user.name" property)
  • Implement "instance types" as an easy way to specify limits (e.g. "lxc launch ubuntu:16.04 -t t2.micro")
  • Add a new "lxc query" command as a low level query tool for the LXD API (similar to curl but with LXD knowledge)
  • Filesystem ACLs are now rewritten when the container changes uid/gid map
  • LXD now supports using binary deltas when refreshing daily images
  • "lxc image info" now shows whether an image was automatically cached by LXD

Bugfixes:

  • client: Cleanup code duplication in image download function
  • client: Remove deprecated client code
  • client: Simplify ConnectPublicLXD logic
  • doc: Add storage documentation for volatile.pool.pristine
  • doc: Add the volatile.initial_source key
  • doc: Fix bad JSON in rest-api.md (Issue #3654)
  • doc: Properly escape path params
  • extra/lxc-to-lxd: Ignore capabilities that are dropped by default
  • extra/lxc-to-lxd: Ignore sysfs/proc mounts
  • extra/lxc-to-lxd: Properly handle lxc.seccomp
  • i18n: Update translations from weblate
  • lxc: Fix race in progress reporter
  • lxc: Re-introduce remote protocol migration
  • lxc/config: Expose extra certificate functions (Issue #3606)
  • lxc/image: Fix copy of image aliases
  • lxc/image: Wait for the refresh to complete
  • lxc/remote: Don't require a crt for public remotes (Issue #3627)
  • lxd: Move lxd/util.go into its own lxd/util/ sub-package
  • lxd/containers: Allow passing disk devices with the LXD snap (Issue #3660)
  • lxd/containers: Another LXC 2.1 key rename, lxc.idmap
  • lxd/containers: Fix a typo: now -> know
  • lxd/containers: Fix gpu attach when mixing GPU vendors (Issue #3642)
  • lxd/containers: Fix sorting order of devices (Issue #2895)
  • lxd/containers: Fix support for isolcpu in CPU scheduler (Issue #3624)
  • lxd/containers: Make stateful snapshot restores work again
  • lxd/daemon: Add initial lxd/sys sub-package and OperatingSystem structure
  • lxd/daemon: d.os.Init must be run after all paths are created
  • lxd/daemon: Extract Daemon.ExpireLogs into a standalone function
  • lxd/daemon: Extract Daemon.GetListeners into a standalone function
  • lxd/daemon: Extract Daemon.httpClient into a standalone HTTPClient function
  • lxd/daemon: Extract Daemon.ListenAddresses into a standalone function
  • lxd/daemon: Extract Daemon.PasswordCheck into a standalone function
  • lxd/daemon: Extract Daemon.SetupStorageDriver into a standalone function
  • lxd/daemon: Log a warning for unknown config keys instead of crashing
  • lxd/daemon: Move Daemon.BackingFs to the OS struct
  • lxd/daemon: Move Daemon.IdmapSet to OS.IdmapSet
  • lxd/daemon: Move Daemon.isRecursionRequest to the lxd/util sub-package
  • lxd/daemon: Move Daemon.lxcpath to OS.LxcPath
  • lxd/daemon: Move Daemon.MockMode to OS.MockMode
  • lxd/daemon: Move Daemon.CheckTrustState and Daemon.isTrustedClient to lxd/util
  • lxd/daemon: Move filesystemDetect function into lxd/util subpackage
  • lxd/daemon: Replace Daemon with State in all model entities
  • lxd/daemon: Use select and save a few goroutines
  • lxd/daemon: Use sql.DB or sys.OS instead of Daemon where possible
  • lxd/db: Drop dependencies on Daemon in db.go
  • lxd/db: Move db*.go files into their own db/ sub-package
  • lxd/images: Carry old "cached" value on refresh (Issue #3698)
  • lxd/import: Don't use un-initialized structs
  • lxd/networks: Allow starting LXD without dnsmasq (Issue #3678)
  • lxd/networks: Fix networkIptablesClear with missing ip{6}tables (Issue #3688)
  • lxd/networks: Make "dev" work as a network name
  • lxd/networks: Set dnsmasq.raw to be 0644 (Issue #3652)
  • lxd/networks: Stop networks on clean shutdown
  • lxd/patches: Fix canmount=noauto patch (Issue #3594)
  • lxd/patches: Unset "size" for ZFS containers + images (Issue #3679)
  • lxd/storage: Count custom volumes in pool UsedBy
  • lxd/storage: Enable "volume.size" for {btrfs,zfs}
  • lxd/storage: Fix "size" property
  • lxd/storage: Fix wrong driver name for log output
  • lxd/storage: Non-functional changes
  • lxd/storage/ceph: Fix double --cluster
  • lxd/storage/ceph: Unmap until EINVAL
  • lxd/storage/ceph: Use "/dev/rbd" via sysfs
  • lxd/storage/ceph: Use minimal image feature set for clones
  • lxd/storage/dir: Check if directory is empty (Issue #3680)
  • lxd/storage/zfs: Always require existing datasets to be empty (Issue #3657)
  • lxd/storage/zfs: Refactoring
  • shared: Add wrapper to translate host paths
  • shared: Move GetRemoteCertificate from lxc/remote (Issue #3606)
  • tests: function to include storage backends helpers
  • tests: Refactor cleanup functions
  • tests: Split out lxc and lxd related helper functions
  • tests: Split out network-related helper functions
  • tests: Split out storage-related helper functions
  • tests: Split out test setup related helper functions
  • tests: Use $storage_backends variable

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.16 has been released

25th of July 2017

The changes in this release include

New features:

  • Ceph RBD can now be used as a LXD storage backend (including "lxd init" support).
  • A new security.idmap.base key has been added. This controls what base uid/gid to use on the host when using security.idmap.isolated.
  • Image downloads can now be interrupted.
  • File transfers now support sending symlinks
  • "lxc copy" and "lxc move" will now show progress information
  • "lxc copy" and "lxc move" now support "relay" and "push" modes to go around firewalls and NAT
  • Custom storage volumes can now have their size set and modified
  • "lxc image import" now supports reading from a directory containing an unpacked image
  • The "vlan" property can now be set on "physical" network interfaces (was just "macvlan")
  • It's now possible to delete image volumes from a storage pool. This allows removing a storage pool without having to remove the images from the image store.
  • The image metadata and template files can now be created and modified over the API. This allows fine tuning of all image metadata prior to publishing.
  • Stateful snapshots can now be restored as a new container on a remote host.

Bugfixes:

  • client: Allow specifying base http client (Issue #3580)
  • client: Commonize error handling
  • client: Don't live migrate stopped containers
  • client: Fix crash in operation handler
  • client: Fix file push/pull with names containing spaces
  • client: Fix handling of public LXD remote (Issue #3464)
  • client: Fix race condition in operation handling
  • client: Improve migration relay code
  • client: Make it possible to retrieve HTTP client (Issue #3580)
  • client: Properly handle remote disconnections
  • client.go: Make deprecation warnings visible in godoc (Issue #3466)
  • config: Try to be clever about ":" in snapshots
  • doc: Add note on use of previous image from cache (Issue #3590)
  • doc: Document storage_images_delete API extension (Issue #3539)
  • doc: Document the exec control API (Issue #3574)
  • doc: Expand lxd import documentation
  • doc: Extend/rework security-related documentation.
  • doc: Fix help to provide sample that actually works
  • doc: Fix spaces, commas, quotes, brackets where needed
  • doc: Initial documentation of container env (Issue #477)
  • doc: Need quotes for /1.0/networks/ "config"."ipv6.nat"
  • doc: Remove extraneous backslash
  • doc: Update containers.md
  • github: ISSUE_TEMPLATE.md: Fix lxd.log location
  • global: Fix a few typos
  • lxc/config: Removal of multiple devices at once
  • lxc: Create missing config paths
  • lxc: Cross-platform HOME handling (Issue #3573)
  • lxc/exec: Fix signal handler for Windows (Issue #3496)
  • lxc/file: Don't specify mode for intermediate directories created with push -p
  • lxc/image: Always use long fingerprint in exported filenames.
  • lxc/image: Fix "lxc image copy" not recording the source
  • lxc/image: Improve "lxc image list" filter handling (Issue #3555)
  • lxc/image: Missing error handling
  • lxc/image: Properly record alias source on copy (Issue #3586)
  • lxc/image: Update image aliases when they already exist
  • lxc/launch: Fix failure to launch containers with random names
  • lxc/list: Error if --columns and --fast are used together
  • lxc/publish: Change compression_algorithm to compressionAlgorithm
  • lxc/publish: Fix fingerprint printing
  • lxc/utils: Avoid potential progress race condition
  • lxc/utils: Println doesn't do format strings
  • lxd/container: Fix broken error handling
  • lxd/containers: Better handle errors in memory reporting (Issue #3482)
  • lxd/containers: Show underlying error when container delete fails
  • lxd/containers: Support for LXC 2.1 configuration keys (and fallback)
  • lxd/images: Clear error for image not found
  • lxd/images: Fix image refresh when fingerprint is passed.
  • lxd/import: Keep volatile keys
  • lxd/import: Remove last dependency on symlink
  • lxd/init: Detect LVM thin provisioning tools (Issue #3497)
  • lxd/networks: Don't fail on non-process PIDs
  • lxd/storage: Check idmaps of all attaching containers (Issue #3548)
  • lxd/storage: Fix ETag handling of volumes
  • lxd/storage: Fix readonly mode for directory mount
  • lxd/storage: Fix UsedBy for containers and images
  • lxd/storage: Fix volume config logic
  • lxd/storage: Introduce a new storagePoolVolumeUsedByContainersGet function
  • lxd/storage: Move db deletion to driver implementation
  • lxd/storage: Restrict size property in pool config
  • lxd/storage/lvm: Convert to RunCommand (Issue #3507)
  • lxd/storage/lvm: Fix broken error handling
  • lxd/storage/lvm: Fix non-thinpool container creation (Issue #3543)
  • lxd/storage/lvm: Non-functional changes
  • lxd/storage/zfs: Moved all the helper functions to storage_zfs_utils.go (Issue #3471)
  • lxd/storage/zfs: Removed s.zfsPoolVolumeCreate() and changed all s.zfsPoolVolumeCreate() to use zfsPoolVolumeCreate()
  • lxd/storage/zfs: Set canmount=noauto on all mountable datasets (Issue #3437)
  • lxd/storage/zfs: Used s.getOnDiskPoolName() instead of s.pool.Name
  • README: Fix broken links
  • README: Seriously rework the content
  • shared/cancel: Fix crash if no canceler is setup
  • shared/cancel: Fix return value ordering
  • shared/cancel: Use request Cancel channel
  • shared: Use custom error type for RunCommand (Issue #3502)
  • shared/util: Guess size when sysconf() returns -1 (Issue #3581)
  • shared: Websocket proxy should proxy everything
  • tests: Add a test for "lxc storage volume set"
  • tests: Add a test for read-only disks
  • tests: Add import test when symlink has been removed
  • tests: Add test for push and relay mode
  • tests: Allow running tests without lxdbr0
  • tests: Always pass --force to stop/restart
  • tests: More apparmor presence checking
  • tests: Skip apparmor tests when no kernel support
  • tests: Validate that the right busybox is present
  • zfs: Use tryMount when mounting filesystem

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.15 has been released

28th of June 2017

The changes in this release include

New features:

  • "lxc image list" now supports column customization.
  • "lxc list" and "lxc image list" now both support table, json, yaml and csv as output formats.
  • It's now possible to cancel (DELETE) some background operations while they're downloading content.
  • The "lxc" command line tool was ported from our old client code to the new client package. This was the last bit of code which needed porting and we're now planning on removing the old client package from our tree with LXD 2.16.
  • New CopyContainer and CopyContainerSnapshot functions were added to the client package.
  • LXD will now dynamically remap custom storage volumes when attached to containers.

Bugfixes:

  • client: Add extra exec option to block on I/O
  • client: Fail copy if the source isn't listening on network
  • client: Fix potential race in event handler setup
  • client: Only set file headers if value is provided
  • doc: Add a note for blkio limits (Issue #3378)
  • doc: Document image refresh API call
  • doc: Fix missing markdown escaping
  • doc: Tweak storage formatting (Issue #3376)
  • lxc/file: Clean source path for recursive push
  • lxc/file: Properly read file permissions on Windows (Issue #3363)
  • lxd/containers: Also support lxc.net..* configuration keys on newer LXC
  • lxd/containers: Check whether the disk device exists on the host before unmount
  • lxd/containers: Detect POLLNVAL when polling during exec (Issue #2964)
  • lxd/containers: Fail if we get EBUSY during startup (Issue #3412)
  • lxd/containers: Use the lxc.network..* configuration keys
  • lxd/db: Replace some uses of InternalError with SmartError
  • lxd/images: Always expand the fingerprint (Issue #3424)
  • lxd/images: If multiple cache hits, pick the latest
  • lxd/images: Properly initialize image info in direct case
  • lxd/images: Skip cached images without auto-update
  • lxd/networks: Always pass --conf-file to dnsmasq (Issue #3367)
  • lxd/networks: Only generate DHCP fw rules if enabled (Issue #3432)
  • lxd/networks: Remove IPv6 leases on container delete
  • lxd/networks: Tweak error in subnet auto detection
  • lxd/patches: Fix bad upgrade for ZFS pools (Issue #3386)
  • lxd/patches: Make sure localdevices are properly updated (Issue #3169)
  • lxd/shutdown: Only timeout if told to (Issue #3434)
  • lxd/storage: Fix ETag calculation for pools
  • lxd/storage: Insert driver correctly (Issue #3386)
  • lxd/storage/btrfs: Apply default flags BEFORE detecting type (Issue #3409)
  • lxd/storage/btrfs: Enable filesystem quotas on demand
  • lxd/storage/dir: Still create the needed symlinks on freeze failure
  • lxd/storage/dir: Unfreeze on rsync errors
  • lxd/storage/lvm: Allow non-empty VGs when thinpool exists (Issue #3456)
  • lxd/storage/rsync: Handle sparse files when rsyncing (Issue #3287)
  • lxd/storage/zfs: Fix container snapshot copy (Issue #3395)
  • lxd/storage/zfs: Improve dummy dataset creation (Issue #3399)
  • Makefile: Update pot before po
  • shared/api: API extensions go at the bottom
  • tests: Add more copy/migration tests
  • tests: Add tests for custom storage volume attach
  • tests: Add tests for "lxc file push -r ./"
  • tests: Don't attempt to finger public remotes
  • tests: Don't run migration tests again on LVM when backend is random
  • tests: Use in-memory database for tests

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.14 has been released

30th of May 2017

The changes in this release include

New features:

  • New client library
    • Add a CreateContainerFromImage function
    • Implement image upload
    • Implement remote operations
  • API additions
    • New "description" field for containers, networks, storage pools and storage volumes
    • Allow for image refreshes (lxc image refresh)
  • When launching containers, an existing cached image is now preferred over downloading a refreshed one
  • "lxd init" can now be preseeded with "--preseed" and a yaml config file
  • Introduce a new btrfs.mount_options pool property
  • Implement volume resizing for LVM (grow/shrink for ext4, grow only for xfs)

Bugfixes:

  • client: Add image_create_aliases backward compat
  • client: Always pass pointer to queryStruct
  • client: Don't return cache on GetServer
  • client: Fill the server fingerprint if missing
  • client: Fix private image handling
  • client: Fix race condition in operation handler
  • client: Improve error on image copy
  • client: Keep track of protocol
  • client: Move CopyImage to the target server
  • client: Remove unneeded condition
  • client: Require the volume type for storage volume
  • client: Support partial fingerprints
  • client: Track the server certificate, not client
  • client: Use RemoteOperation for CopyImage
  • doc: Add documentation about the init preseed feature
  • doc: Correct typo in device type name
  • doc: Fix markdown escaping
  • doc: Update README.md Docker instructions
  • doc/network: Add section on macvlan vs bridge (Issue #3273)
  • doc/storage: Correct grammar
  • doc/storage: Document zfs quota vs refquota (Issue #2959)
  • doc/storage: Fix ordering
  • extra/lxc-to-lxd: Don't crash on missing mount file (Issue #3237)
  • global: Fix typos
  • global: Replace file Chmod() with os.Chmod() (Issue #3275)
  • global: Use containerGetParentAndSnapshotName() everywhere
  • i18n: Pre-release update
  • i18n: Update translations from weblate
  • lxc: Fix obscure error on missing object name (Issue #3230)
  • lxc: Implement progress tracking for operations
  • lxc/copy: Improve error handling (Issue #3243)
  • lxc/copy: Simplify the code
  • lxc/file: Fix broken file push on Windows
  • lxc/file: Fix recursive file push on Windows
  • lxc/init: Drop unnecessary else statement
  • lxc/remote: Show the fingerprint as string not hex (Issue #3293)
  • lxc/storage: Don't ignore yaml errors
  • lxd: Support running individual testify test suites
  • lxd/containers: Also clear the host_name volatile key
  • lxd/containers: Cleanup volatile keys on update (Issue #3231)
  • lxd/containers: Disable IPv6 on created macvlan parents
  • lxd/containers: fillNetworkDevice is only for nic
  • lxd/containers: Use networkSysctl whenever possible
  • lxd/daemon: Fix ETag handling for /1.0
  • lxd/daemon: Actually set ServerFingerprint
  • lxd/db: Add a testify test suite for db tests, rework existing tests
  • lxd/db: Clear database state in the mock daemon after each lxdSuiteTest
  • lxd/db: Don't special-case mock mode unnecessarily in db patches
  • lxd/db: Return NoSuchObjectError on missing storage pools (Issue #3257)
  • lxd/db: Separate db-level update logic from daemon-level one
  • lxd/images: Check if the image already exists on upload
  • lxd/images: Fix potential double unlock
  • lxd/images: Fix regression in image auto-update logic
  • lxd/images: Save image source certificate and pass it to the download
  • lxd/images: Split autoUpdateImage function
  • lxd/import: Error on out missing name
  • lxd/init: Extract validation of --auto args into a separate method
  • lxd/init: Move state-changing inline functions to own methods
  • lxd/init: Rollback to initial state if anything goes wrong
  • lxd/init: Properly set the default port (Issue #3341)
  • lxd/networks: Fix ETag regression
  • lxd/patches: Drop unused variable
  • lxd/profiles: Remove the Docker profile
  • lxd/storage: Add helper to detect if pool is in use
  • lxd/storage: Add lxdResolveMountoptions()
  • lxd/storage: Add MS_LAZYTIME to mount options
  • lxd/storage: Add permission helpers
  • lxd/storage: Avoid an infinite loop
  • lxd/storage: Fix bad internal types
  • lxd/storage: Move mount helpers to storage utils
  • lxd/storage: Only delete custom volumes
  • lxd/storage: Pass container struct to ContainerMount()
  • lxd/storage: Re-order storage pool checks
  • lxd/storage/btrfs: Add getBtrfsPoolMountOptions()
  • lxd/storage/btrfs: Handle migration on different LXDs (Issue #3323)
  • lxd/storage/btrfs: Remove unused variable
  • lxd/storage/btrfs: Use lxdResolveMountoptions()
  • lxd/storage/lvm: Allow re-using existing thinpools (Issue #3351)
  • lxd/storage/lvm: Check whether volume group is already in use
  • lxd/storage/lvm: Disallow using non-empty volume groups (Issue #3351)
  • lxd/storage/lvm: Only delete VG when empty (Issue #3351)
  • lxd/storage/lvm: Resolve mount options properly (Issue #3284)
  • lxd/storage/lvm: Simplify and improve pool creation
  • lxd/storage/zfs: Create image dataset with mountpoint=none (Issue #3359)
  • lxd/storage/zfs: Fix folder permissions after dataset creation (Issue #3090)
  • lxd/storage/zfs: Try to work around zfs EBUSY bug (Issue #3228)
  • Makefile: Add update-po to i18n target
  • Makefile: Fix static-analysis target
  • shared: Add yaml-mode marker in template for "lxc edit" actions
  • shared/cmd: Add new package with initial command I/O logic
  • shared/cmd: Complete cmd.Context support for various AskXXX methods
  • shared/cmd: Don't depend on testify
  • shared/cmd: Make the log cmdInit unit-testable
  • shared/logger: Make golint clean
  • shared/logger: Replace PrintStack with GetStack
  • shared/logging: Export LogfmtFormat
  • shared/logging: Make golint clean
  • shared/termios: Make golint clean
  • tests: Add btrfs.mount_options test (Issue #3264)
  • tests: Add LV resizing tests
  • tests: Add mount option test for LVM (Issue #3284)
  • tests: Add quota tests
  • tests: Allow random storage backend selection
  • tests: Don't rely on busybox shutting down nicely
  • tests: Drop jenkins-specific check again
  • tests: Explicitly pass shell type to shellcheck
  • tests: Honor the LXD_BACKEND environment variable in storage tests
  • tests: Make sure storage volume is mounted
  • tests: Remove invalid test for Jenkins
  • tests: Test suites use space indent
  • tests/deps: Make golint clean

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.10 release announcement

11th of May 2017

This is the tenth bugfix release for LXD 2.0.

The changes since LXD 2.0.9 are

Minor improvements:

  • client: Backported the new client library and ported some of the internal commands over to it
  • lxc: Add a manpage command
  • lxc: Allow --version to be passed with any command
  • lxc: Reworked all help messages in the client to be compatible with help2man
  • lxd: AppArmor namespacing is now also enabled for privileged containers

Bugfixes:

  • build: Add debug logging
  • client: Fix profile list
  • client: Remove unneeded condition
  • doc: Add instructions to grow ZFS loop
  • doc: Add note about escaping btrfs qgroups
  • doc: Add note about restricting access to kernel ring buffer
  • doc: Extract containers documentation to containers.md
  • doc: Extract profiles documentation to profiles.md
  • doc: Extract server documentation to server.md
  • doc: Fix badly named example device
  • doc: Fix broken table
  • doc: Note that LXD assumes full control over the pool
  • doc: Update configuration.md with links to other documents
  • doc: Update README.md for new API client
  • extra/lxc-to-lxd: Don't crash on missing mount file
  • extra/lxc-to-lxd: Typo in description of --move-rootfs
  • extra/vagrant: Trailing whitespace
  • global: Fix error handling in all filepath.Walk calls
  • global: Fix a number of typos
  • global: Forward user-agent and other headers on redirect
  • global: Replace file Chmod() with os.Chmod()
  • global: Use containerGetParentAndSnapshotName()
  • global: Use RunCommand everywhere
  • lxc: Don't include spaces in translated strings
  • lxc: Improve batch mode
  • lxc: Make help/usage a bit more consistent
  • lxc: Move common functions/types to utils.go
  • lxc: Properly clear transfer stats on error
  • lxc: Rework for better manpages
  • lxc/config: Add new config handling code
  • lxc/config: Always use "simplestreams" for images:
  • lxc/config: Fix path handling
  • lxc/config: Fix SaveConfig's DeepCopy call
  • lxc/copy: Improve error handling
  • lxc/copy: Return the source error too
  • lxc/copy: Simplify
  • lxc/copy: Wait asynchronously
  • lxc/image: Show the alias description
  • lxc/image: Trailing whitespace
  • lxc/init: Drop unnecessary else statement
  • lxc/list: Document list format options
  • lxc/list: Fix regression in json output
  • lxc/list: Move common data extraction to a helper function
  • lxc/profile: Properly implement "profile unset"
  • lxc/publish: Wait for the container to be running
  • lxc/remote: Show the fingerprint as string not hex
  • lxc/utils: Implement progress tracking for operations
  • lxd: Drop use of logger.Log when not needed
  • lxd/apparmor: Fix AppArmor stack handling with nesting
  • lxd/containers: Add containerGetParentAndSnapshotName()
  • lxd/containers: Added soft limit in initLXD()
  • lxd/containers: Added soft memory limit even when hard is selected
  • lxd/containers: Add extra validation for unix-block/unix-char
  • lxd/containers: Add function to detect root disk device
  • lxd/containers: Allow for stable host interface names
  • lxd/containers: Clarify uid/gid error
  • lxd/containers: Cleanup root device validation
  • lxd/containers: Disable IPv6 on host side veth when bridged
  • lxd/containers: Don't ignore snapshot deletion failures
  • lxd/containers: Don't parse id ranges as int32
  • lxd/containers: Don't report migration success on failure
  • lxd/containers: Don't use FindProcess, just pass exec.Cmd
  • lxd/containers: Find current max snapshot value
  • lxd/containers: Fix bad root device detection code
  • lxd/containers: Fix base image tracking
  • lxd/containers: Fix concurrent read/write to s.conns in exec
  • lxd/containers: Fix error handling on FileRemove
  • lxd/containers: Fix handling of devices with minor>255
  • lxd/containers: Fix override of Devices during copy
  • lxd/containers: Fix soft limit logic to use float64
  • lxd/containers: Initialize idmap on demand
  • lxd/containers: Kill forkexec on abnormal websocket closure
  • lxd/containers: Path may only be used by one disk
  • lxd/containers: Properly invalidate the idmap cache
  • lxd/containers: Properly revert memory limits on failure
  • lxd/containers: Properly validate architectures
  • lxd/containers: Set default values for USER, HOME and LANG
  • lxd/containers: This condition has already been deal
  • lxd/containers: Use int64 for uid and gid everywhere
  • lxd/containers: Validate container idmap as early as possible
  • lxd/containers: Validate expanded configuration after root setup
  • lxd/containers: Validate the expanded config at container create
  • lxd/daemon: Check for the validity of the id maps at startup
  • lxd/daemon: Fix some race conditions
  • lxd/daemon: Mount a tmpfs under devlxd
  • lxd/daemon: s/Default map/Available map/
  • lxd/daemon: Set ServerFingerprint
  • lxd/daemon: Use a tmpfs for shmounts
  • lxd/db: Actually enable foreign keys per connection
  • lxd/db: Deal with the case where no updates exist
  • lxd/db: Detect downgrades with newer DB and fail
  • lxd/db: Raise DB lock timeout to 30s, retry every 30ms
  • lxd/db: Rely on CASCADE
  • lxd/db: Remove some extra cleanup code
  • lxd/devlxd: Fix extraction of fd from UnixConn with go tip
  • lxd/events: Improve formatting in events API
  • lxd/images: Check if the image already exists
  • lxd/images: Drop leftover debug statement
  • lxd/images: Fix partial image fingerprint matches
  • lxd/images: Move imagesDownloading out of the daemon struct
  • lxd/images: Properly return the alias description
  • lxd/images: Record the server certificate in the cache
  • lxd/images: Refactor code a bit
  • lxd/images: Save image source certificate and pass it to the download
  • lxd/images: Split autoUpdateImage function
  • lxd/init: Only show userns message if lacking uid/gid
  • lxd/init: The 'storageBackend' has already been checked
  • lxd/main: Fix comment in activateifneeded
  • lxd/main_forkexec: Remove os.FindProcess
  • lxd/main_netcat: Implement logging
  • lxd/main_netcat: Switch to new helper
  • lxd/main_nsexec: cgo: Free allocated memory
  • lxd/main: Restrict daemon and activateifneeded to root
  • lxd/migration: Better handle rsync errors (subprocesses)
  • lxd/migration: Clarify CRIU related errors
  • lxd/migration: Handle EAGAIN properly
  • lxd/migration: Make our netcat handle EAGAIN
  • lxd/migration: Tweak rsync logging a bit
  • lxd/operations: Remove useless for loops
  • lxd/profiles: Verify root disk devices
  • lxd/storage/btrfs: Always use the recursive subvol functions
  • lxd/storage/btrfs: Cleanup empty migration dirs
  • lxd/storage/btrfs: Fix recursive subvol deletion
  • lxd/storage/btrfs: Properly handle nested subvolumes
  • lxd/storage: Ensure the container directory has the right permission
  • lxd/storage: Move mount helpers to storage utils
  • lxd/storage: Optimize containerGetRootDiskDevice a bit
  • Makefile: Always include gorilla/context
  • Makefile: Drop repeated calls to "go get"
  • Makefile: Use system libsqlite3 if available
  • shared: coding-style pedantry
  • shared/api: Add the Stateful field to ContainerPut
  • shared/api: Properly define the image creation source
  • shared/api: Use consistent json and yaml field names
  • shared/cmd: Add a new shared/cmd package with initial command I/O logic
  • shared/cmd: Complete cmd.Context support for various AskXXX methods
  • shared/gnuflag: Fix golint
  • shared/i18n: Simplify and make golint clean
  • shared/idmap: DefaultIdmapSet is always for root
  • shared/idmap: Drop GetOwner
  • shared/idmap: Fix various issues
  • shared/idmap: Implement parsing of kernel id maps
  • shared/idmap: Implement Usable() functions
  • shared/idmap: Improve parsing of the shadow id files
  • shared/idmap: Make more of an effort to find a default
  • shared/idmap: Remove debugging during idmap changes
  • shared/ioprogress: Simplify and make golint clean
  • shared/logger: Add pretty formatting
  • shared/logger: Create new package for logger
  • shared/logger: Make golint clean
  • shared/logger: Replace PrintStack with GetStack
  • shared/logging: Export LogfmtFormat
  • shared/logging: Make golint clean
  • shared/simplestreams: Always prefer squashfs when available
  • shared/simplestreams: Export image file list
  • shared/simplestreams: Improve error handling
  • shared/simplestreams: Properly handle image rebuilds
  • shared/termios: Make golint clean
  • shared/util: Add function to detect errno
  • shared/util: Add yaml-mode marker in template for "lxc edit" actions.
  • shared/util: Don't do chown on windows
  • shared/util: FileCopy should also keep owner
  • shared/util: FileCopy should keep the same mode
  • shared/version: Make golint clean
  • tests: Add a testify test suite for db tests, rework existing tests
  • tests: Add golint
  • tests: Add lxd init --auto tests
  • tests: Allow random storage backend selection
  • tests: Also unmount the devlxd path
  • tests: Always cleanup loop devices
  • tests: Avoid a zfs race
  • tests: Don't leak zpools in "lxd init" test
  • tests: Explicitly pass shell type to shellcheck
  • tests: Fix lxd auto init test suite
  • tests: Fix typo
  • tests: Give more time to reboot test
  • tests: Honor the LXD_BACKEND environment variable in storage tests
  • tests: Improve performance of deadcode test
  • tests: Make sure a client certificate is generated
  • tests: Make sure storage volume is mounted
  • tests: Properly cleanup in template testsuite
  • tests: Record how long the tests take
  • tests: Remove invalid test for Jenkins
  • tests: Run golint on client/ and lxc/config/
  • tests: Switch to use gofmt instead of "go fmt"
  • tests: Testsuites are sourced, not executed
  • tests: The monitor can exit on its own
  • tests: Trailing whitespaces
  • tests: Update for new client
  • tests: Update init test for stable branch
  • tests: Use flake8 instead of separate pyflakes and pep8
  • tests/deps: Make golint clean
  • tests/lxd-benchmark: Fix --help and --version handling

Downloads

The release tarballs can be found on our download page.

LXD 2.13 has been released

26th of April 2017

The changes in this release include

New features:

  • lxc/copy: Allow copying a container without its snapshots (--container-only)
  • lxd/storage/zfs: Introduce a new "zfs.clone_copy" property (will make a full copy rather than using a clone)
  • client: New, better designed, client library available for testing
  • lxd/containers: unix-char/unix-block devices can now be mapped to a different name in the container (set "source" and "path" keys)
  • lxd/containers: AppArmor namespacing is now enabled for privileged containers too
  • lxd/storage/lvm: Implement non-thinpool LVM storage pools (set "lvm.use_thinpool" to "false")
  • lxc/list: Support for CSV as an output format
  • lxd/init: Support for creating a subvolume in an existing btrfs environment
  • lxd/storage: Implement the "rsync.bwlimit" pool property to restrict rsync bandwidth
  • lxd/network: Allow overriding the VXLAN multicast interface (set "tunnel.NAME.interface")

Bugfixes:

  • client: Add basic logging code
  • client: Fix file push path handling (Issue #3153)
  • doc/api-extensions: Properly escape markdown
  • doc/configuration: Drop deprecated config options
  • doc/configuration: Extract containers documentation to containers.md
  • doc/configuration: Extract networking documentation to networks.md
  • doc/configuration: Extract profiles documentation to profiles.md
  • doc/configuration: Extract server documentation to server.md
  • doc/configuration: Extract storage documentation to storage.md
  • doc/configuration: Fix storage volume configuration (Issue #3140)
  • doc/configuration: Update with links to other documents
  • doc/lxd-ssl-authentication: Drop mention of PKI CRL (not implemented)
  • doc/production-setup: Fix broken table
  • doc/README: Update for new API client
  • doc/storage: Add note about escaping btrfs qgroups (Issue #3135)
  • doc/storage: Re-format a bit
  • i18n: Update translations from weblate
  • lxc/copy: Return the source error too (Issue #3086)
  • lxc/copy: Wait for operations asynchronously
  • lxc/list: Document list format options
  • lxc/manpage: Show all commands in "man lxc" (Issue #3214)
  • lxd/containers: Add containerGetParentAndSnapshotName()
  • lxd/containers: Added soft memory limit even when hard is selected
  • lxd/containers: Allow for stable host interface names (Issue #3143)
  • lxd/containers: Fix handling of devices with minor>255
  • lxd/containers: Fix typo in securtiy.syscalls.blacklist
  • lxd/containers: Fix unix device removal (bad cgroup.deny entry) (Issue #3107)
  • lxd/containers: Improve storage error messages on creation (Issue #3110)
  • lxd/containers: Properly invalidate the idmap cache
  • lxd/daemon: Improve PKI certificate handling (Issue #3162)
  • lxd/db: Deal with the case where no updates exist
  • lxd/images: Drop leftover debug statement
  • lxd/init: Add all storage options
  • lxd/main_activateifneeded: Port to new client code
  • lxd/main_callhook: Port to new client code
  • lxd/main_daemon: Port to new client code
  • lxd/main_forkexec: Remove use of os.FindProcess (Issue #3037)
  • lxd/main_import: Handle non-existing snapshots path (Issue #3198)
  • lxd/main_import: Port to new client code
  • lxd/main_init: Port to new client code
  • lxd/main_migratedumpsuccess: Port to new client code
  • lxd/main_netcat: Implement logging (Issue #2494)
  • lxd/main_netcat: Switch to new helper
  • lxd/main_ready: Port to new client code
  • lxd/main_shutdown: Port to new client code
  • lxd/main_waitready: Port to new client code
  • lxd/migration: Fix stateful restore
  • lxd/operations: Remove useless for loops
  • lxd/profiles: Fix ETag handling
  • lxd/rsync: Make our netcat handle EAGAIN (Issue #3168)
  • lxd/storage: Check that pool exists on profile changes (Issue #3137)
  • lxd/storage: Fix and improve config validation
  • lxd/storage/lvm: Improve snapshot handling
  • lxd/storage/lvm: Tweak {Try}RunCommand() calls
  • shared/api: Add the Stateful field to ContainerPut
  • shared/api: Properly define the image creation source
  • shared/gnuflag: Fix golint
  • shared/i18n: Simplify and make golint clean
  • shared/ioprogress: Simplify and make golint clean
  • shared/logger: Add line number logging
  • shared/logger: Add pretty formatting
  • shared/logger: Create new package for logger
  • shared/util_linux: Add function to detect errno (Issue #2494)
  • shared/version: Make golint clean
  • tests/lxd-benchmark: Port to new client code
  • tests: Add additional "file push -p" tests
  • tests: Add additional import tests (Issue #3198)
  • tests: Add additional storage pool tests
  • tests: Add migration tests for copy and move (Issue #3006)
  • tests: Keep testsuite non-executable (they're sourced)
  • tests: Make sure a client certificate is generated
  • tests: Make sure we also delete dependent records in import tests
  • tests: Record how long the tests take
  • tests: Run golint on client/ and lxc/config/
  • tests: Stop containers before modifying the DB
  • tests: Use flake8 instead of separate pyflakes and pep8
  • tests: Use shutdown/respawn helpers to simplify import tests

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.12 release announcement

20th of March 2017

The changes in this release include

New features:

  • lxc/exec: Implement ssh-style -t/-T/-n
  • lxd/init: Support all storage drivers

Bugfixes:

  • doc: Add a note about restricting access to kernel ring buffer
  • doc: Document backup strategies
  • doc: Document that X-LXD-type is valid for POST
  • lxc: Properly clear transfer stats on error
  • lxc/copy: Don't attempt to live migration on copy
  • lxc/list: Add a simple list formatting example
  • lxd/backup: Improve backup handling
  • lxd/backup: Record container's storage volume
  • lxd/backup: Record storage pool struct
  • lxd/containers: Find max value currently used
  • lxd/daemon: Allow unsetting deprecated keys with default
  • lxd/daemon: Skip StoragePoolCheck() broken patch
  • lxd/images: Record the server certificate in the cache
  • lxd/init: Better render available storage backends
  • lxd/internal: Check for container storage volume
  • lxd/patches: Check if config is empty before update
  • lxd/patches: Ensure existing pool config is kept
  • lxd/storage: Adapt SetupStorageDriver()
  • lxd/storage: Fix container_lxc to match shared/api
  • lxd/storage: Make Storage{Start,Stop}() return bool and error
  • lxd/storage/btrfs: Add isBtrfsFilesystem()
  • lxd/storage/lvm: Force lvmetad cache update
  • lxd/storage/zfs: Create a volume entry for re-used images
  • lxd/storage/zfs: Load kernel module in case it isn't
  • lxd/storage/zfs: Prevent removal of the snapshot mountpoint
  • lxd/storage/zfs: Try lazy umount if zfs umount fails
  • scripts/lxc-to-lxd: Typo in description of --move-rootfs
  • shared/api: Update storage.go to cover POST too
  • shared/simplestreams: Export image file list
  • tests: Add tests for lxd import
  • tests: Fix btrfs detection code
  • tests/lxd-benchmark: Fix --help and --version handling

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.11 release announcement

8th of March 2017

The changes in this release include

New features:

  • New "aliases" field in POST /1.0/images allowing for an initial set of aliases to be passed.
  • Reworked help messages and "lxc manpage" command to generate manpages for the client.
  • New "vlan" nic property for "macvlan" devices, allowing to connect to a particular VLAN on the host device.

Bugfixes:

  • doc: Add instructions to grow ZFS loop
  • doc: Improve storage doc (Issue #3013)
  • global: Use RunCommand everywhere
  • i18n: Refresh templates
  • i18n: Update translations from weblate
  • i18n: Update translation templates
  • lxc: Allow --version to be passed with any command
  • lxc: Make help/usage a bit more consistent
  • lxc: Rework for better manpages
  • lxc/image: Show the alias description
  • lxc/profile: Properly implement "profile unset"
  • lxd/containers: Don't use FindProcess, just pass exec.Cmd (Issue #3037)
  • lxd/containers: Properly revert memory limits on failure (Issue #3017)
  • lxd/images: Properly return the alias description
  • lxd/images: Refactor code a bit
  • lxd/migration: Actually unset the storage pool if unavailable (Issue #3036)
  • lxd/migration: Better handle rsync errors (subprocesses)
  • lxd/migration: Set correct pool property for btrfs (Issue #3036)
  • lxd/migration: Set correct pool property for zfs (Issue #3036)
  • lxd/migration: Tweak rsync logging a bit
  • lxd/patches: Call tryMount() if not already mounted (Issue #3026)
  • lxd/patches: Conditionalize lvrename (Issue #3026)
  • lxd/patches: Delete image db entry if LV is missing (Issue #3026)
  • lxd/patches: Detect the logical volume size
  • lxd/patches: Fix incorrect btrfs source properties (Issue #3020)
  • lxd/patches: Handle mixed-storage upgrade (Issue #3026)
  • lxd/patches: Use MNT_DETACH for lvm (Issue #3026)
  • lxd/patches: Use RemoveAll() for lvm snapshots dir (Issue #3026)
  • lxd/storage/btrfs: Correctly handle loop-backed pools (Issue #3020)
  • lxd/storage/btrfs: Handle custom subvolume paths (Issue #3020)
  • lxd/storage/dir: Limit valid pool source paths (Issue #3023)
  • lxd/storage/lvm: Call {pv,vg}scan
  • lxd/storage/lvm: Dumb down functions from methods to functions (Issue #3026)
  • lxd/storage: Deal with source not being btrfs (Issue #3024)
  • lxd/storage: Ensure correct pool for snapshots (Issue #3036)
  • lxd/storage: Harden the btrfs migration code (Issue #3024)
  • lxd/storage: Report prepareLoopDev() error directly
  • shared/idmap: Fix various issues
  • tests: Add more dir and btrfs tests (Issue #3023)
  • tests: Improve lvm part of storage tests

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.10.1 release announcement

2nd of March 2017

The changes in this release include

This is a bugfix release for LXD 2.10, fixing a number of issues reported after release.

Bugfixes:

  • global: Fix error handling in all filepath.Walk calls
  • lxd/images: Fix base image tracking (Issue #2999)
  • lxd/init: Allow running as non-root
  • lxd/storage: Add set_autoclear_loop_device()
  • lxd/storage/lvm: Allow loop-backed lvm storage pools
  • lxd/storage/lvm: Fix defer calls
  • lxd/storage/lvm: Make sure loop devices stays around on volume delete
  • lxd/storage/lvm: Set LO_FLAGS_AUTOCLEAR before file removal
  • lxd/storage/lvm: Use lvmized container name for LV
  • lxd/storage/zfs: Do not revert on success
  • lxd/storage/zfs: Import loop-backed storage pools on startup
  • shared/simplestreams: Improve error handling
  • shared/util: Check for err in {UUID, BlockDev} lookup
  • tests: Fix yet another LVM pool's volume size
  • tests: Give more time to reboot
  • tests: Rely on "lxc storage" create only for lvm

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.10 release announcement

28th of February 2017

The changes in this release include

New features:

  • With the LVM backend, lvm.vg_name and lvm.thinpool_name can now be modified
  • "lxd init" can now be run even after containers and images are present

Bugfixes:

  • doc: Escape markdown
  • doc: Fix badly named example device
  • global: Use int64 for uid and gid everywhere
  • i18n: Refresh translations and templates
  • i18n: Update translations from weblate
  • lxc: Move common functions/types to utils.go
  • lxc/action: Improve batch mode (Issue #2966)
  • lxc/file: Detect and fail to transfer symlinks (Issue #2970)
  • lxc/publish: Wait for the container to be running
  • lxd/containers: Clarify uid/gid error
  • lxd/containers: Don't parse id ranges as int32
  • lxd/containers: Fix override of Devices during copy (Issue #2872)
  • lxd/containers: Fix uint32 check
  • lxd/containers: Initialize idmap on demand
  • lxd/containers: Kill forkexec on abnormal websocket closure
  • lxd/containers: Properly validate architectures (Issue #2971)
  • lxd/containers: Remove debugging during idmap changes
  • lxd/containers: Simplify container storage init
  • lxd/containers: Validate container idmap as early as possible
  • lxd/containers: Validate the expanded config at container create
  • lxd/daemon: Check for the validity of the id maps at startup (Issue #2885)
  • lxd/daemon: Detect downgrades with newer DB and fail
  • lxd/daemon: Fix some race conditions
  • lxd/events: Improve formatting in events API
  • lxd/images: Properly handled non-optimized stores
  • lxd/init: Only show userns message if lacking uid/gid
  • lxd/patches: Activate volume group and logical volumes
  • lxd/patches: Do not parse volume.size for lvm
  • lxd/patches: Fix zfs upgrade from existing dataset
  • lxd/storage: Add proper logging
  • lxd/storage: Check if profiles use pool or volume
  • lxd/storage: Detect if loop file is already in use
  • lxd/storage: Improve storage volume attachment
  • lxd/storage: Make flag argument configurable
  • lxd/storage: Move storage drivers cache to storage.go
  • lxd/storage: Remove unused function argument
  • lxd/storage: Return correct error messages
  • lxd/storage: Simplify StoragePoolInit()
  • lxd/storage/btrfs: Quotas can't be enabled when unprivileged
  • lxd/storage/lvm: Activate volume groups and logical volumes
  • lxd/storage/lvm: Don't set volume size
  • shared/idmap: Drop GetOwner
  • shared/idmap: Implement Usable() functions
  • shared/idmap: Make more of an effort to find a default
  • tests: Add test for storage volume {attach,detach}
  • tests: Don't leak zpools in "lxd init" test

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.9.3 release announcement

24th of February 2017

The changes in this release include

This is another bugfix release for LXD 2.9, fixing migration issues reported by our users.

Bugfixes:

  • client: Always use "simplestreams" for the images: remote
  • doc: Add client tool examples to storage.md
  • doc: Add lvm.{thinpool,vg}_name pool properties
  • lxd: Cleanup root device validation
  • lxd/containers: Add extra validation for unix-block/unix-char
  • lxd/containers: Check whether storage is ready before applying quota
  • lxd/containers: Don't ignore snapshot deletion failures
  • lxd/daemon: s/Default map/Available map/
  • lxd/init: "lxd init" can now be run as a normal user
  • lxd/main: Fix comment in activateifneeded
  • lxd/main: Restrict daemon and activateifneeded to root
  • lxd/patches: Fix pool and volume configuration on upgrade
  • lxd/patches: Move to lvm.thinpool_name pool key
  • lxd/storage: Add ContainerStorageReady()
  • lxd/storage: Call storageVolumeFillDefault() on demand
  • lxd/storage: Don't modify configuration during config check
  • lxd/storage: Ensure image is wiped from DB on error
  • lxd/storage: Fill in default configuration for images
  • lxd/storage: Implement correct config inheritance for pools and volumes
  • lxd/storage: Only fill in defaults on creation
  • lxd/storage: Only set size property on lvm
  • lxd/storage: Properly report UsedBy
  • lxd/storage: Store size values as given to us
  • lxd/storage/btrfs: Always pass the mount options
  • lxd/storage/btrfs: Always use the recursive subvol functions
  • lxd/storage/btrfs: Drop dead code
  • lxd/storage/btrfs: Improve upgrade
  • lxd/storage/btrfs: Only use size in the loop case
  • lxd/storage/btrfs: Properly handle nested subvolumes
  • lxd/storage/btrfs: Set loop file if "source" is empty
  • lxd/storage/dir: Handle cross-device upgrade
  • lxd/storage/lvm: Add lvm.thinpool_name and lvm.vg_name
  • lxd/storage/lvm: Allow to reuse existing volume groups
  • lxd/storage/lvm: Always set lvm.thinpool_name
  • lxd/storage/lvm: Don't unmount the container twice on delete
  • lxd/storage/lvm: Handle "i" in sizes
  • lxd/storage/lvm: Parse "volume.size" not "size" property
  • lxd/storage/lvm: Remove volume.lvm.thinpool_name
  • lxd/storage/lvm: Lock during StoragePoolVolume{M,Um}ount
  • lxd/storage/zfs: Lock during StoragePoolVolume{M,Um}ount
  • lxd/storage/zfs: Correctly handle configuration keys
  • lxd/storage/zfs: Only use size property in the loop case
  • lxd/storage/zfs: Remove very repetitive log message
  • lxd/storage/zfs: Set mountpoint=none on old images
  • shared/idmap: DefaultIdmapSet is always for root
  • shared/idmap: Implement parsing of kernel id maps
  • shared/idmap: Improve parsing of the shadow id files
  • shared/simplestreams: Properly handle image rebuilds
  • tests: Adapt to command line unification
  • tests: Add LVM specific storage pool tests
  • tests: Also unmount the devlxd path
  • tests: Always cleanup loop devices
  • tests: Always use 25MB volumes for LVM
  • tests: Fix lxd auto init test suite
  • tests: Improve performance of deadcode test
  • tests: Test custom storage volume creation

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.9.2 release announcement

20th of February 2017

The changes in this release include

This is another bugfix release for LXD 2.9, fixing migration issues reported by our users.

Bugfixes:

  • lxd/containers: Add fun to detect root disk device
  • lxd/containers: Ensure proper root disk device
  • lxd/containers: Helper to retrieve pool from devices
  • lxd/containers: Path may only be used by one disk
  • lxd/init: Fix regressions caused by storage work
  • lxd/init: Small fixes
  • lxd/migration: Call helper to detect valid storage pool
  • lxd/migration: Fix moving containers with storage api
  • lxd/patches: Handle partial upgrades + pool fixes
  • lxd/patches: Handle partial upgrades + pool fixes
  • lxd/patches: Improve btrfs upgrade
  • lxd/patches: Improve dir upgrade
  • lxd/patches: Only rerun pool updates
  • lxd/profiles: Verify root disk devices
  • lxd/storage/btrfs: Enable quotas on the pools we create
  • lxd/storage/dir: Delete image from database
  • Makefile: Always include gorilla/context
  • Makefile: Drop repeated calls to "go get"
  • tests: Add lxd init --auto tests
  • tests: Add test for root disk devices in profiles
  • tests: Execute tests based on available tools
  • tests: Fix mixed tab/spaces again

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.9.1 release announcement

16th of February 2017

The changes in this release include

We made this follow-up bugfix release to correct a few regressions introduced by LXD 2.9.

Bugfixes:

  • doc: Document the "pool" property for disk devices
  • lxc/storage: Fix help output for create
  • lxc/storage: simplify
  • lxd/daemon: Allow unsetting the deprecated storage keys
  • lxd/patches: Add more comments to storage upgrade code
  • lxd/storage: Improve logging
  • lxd/storage: Rename and add opcode functions
  • lxd/storage: Use existing ZFS {pool, dataset} or create it
  • lxd/storage: Use unified operation ids when locking
  • tests: Use dataset as pool or existing pool for ZFS

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.9 release announcement

15th of February 2017

The changes in this release include

New features:

  • Introduce the LXD storage management API
    • Allows for multiple storage pools in LXD
    • Pools can be used to store containers and custom volumes
    • New /1.0/storage-pools API (see rest-api.md)
    • New "lxc storage" set of commands
    • Updated "lxd init" to support creating storage pools
  • Allow setting network interface name with "lxc network attach"
  • New "lxc file delete" command and API
  • Ability to append to rather than overwrite a file through the API
  • New "ipv4.dhcp.expiry" and "ipv6.dhcp.expiry" config options for DHCP lease time

Bugfixes:

  • doc: Clarify PUT vs PATCH (Issue 2873)
  • doc: Note that LXD assumes full control over its ZFS dataset
  • doc: Update database.md to match current DB schema
  • lxc: Don't include spaces in translated strings
  • lxc/list: Fix regression in json output (Issue 2887)
  • lxd/containers: Disable IPv6 on host side veth when bridged (Issue 2845)
  • lxd/containers: Don't block resolution on non-existing paths
  • lxd/containers: Don't check the image fingerprint twice
  • lxd/containers: Fix concurrent read/write to s.conns in exec (Issue 2862)
  • lxd/containers: Fix error handling on FileRemove
  • lxd/containers: Set default values for USER, HOME and LANG (Issue 2830)
  • lxd/daemon: Mount a tmpfs under devlxd (Issue 2877)
  • lxd/daemon: Use a tmpfs for shmounts
  • lxd/db: Actually enable foreign keys per connection
  • lxd/db: Raise DB lock timeout to 30s, retry every 30ms (Issue 2826)
  • lxd/db: Rely on CASCADE (Issue 2844)
  • lxd/db: Remove some extra cleanup code
  • lxd/devlxd: Fix extraction of fd from UnixConn with go tip
  • lxd/images: Fix partial image fingerprint matches
  • lxd/images: Move imagesDownloading out of the daemon struct
  • lxd/init: Don't check the storage backend twice
  • lxd/migration: Clarify CRIU related errors
  • lxd/migration: Don't report migration success on failure
  • lxd/nsexec: Close *DIR stream returned by fdopendir()
  • lxd/nsexec: Free allocated memory
  • lxd/storage/btrfs: Fix recursive subvol deletion
  • lxd/storage/zfs: Simplify device tracking logic
  • Makefile: Use system libsqlite3 if available
  • network: Skip ip6tables clear on non-ipv6 hosts (Issue 2842)
  • shared: Forward user-agent and other headers on redirect (Issue 2805)
  • shared/api: Use consistent json and yaml field names
  • shared/simplestreams: Always prefer squashfs when available
  • shared/utils: Don't do chown on windows
  • shared/utils: FileCopy should also keep owner
  • shared/utils: FileCopy should keep the same mode
  • tests: Add golint for shared/api
  • tests: Avoid a zfs race
  • tests: Empty and validate network tables
  • tests: Fix typo
  • tests: Properly cleanup in template testsuite
  • tests: Switch to use gofmt instead of "go fmt"
  • tests: The monitor can exit on its own (ignore kill failure)

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.9 release announcement

26th of January 2017

This is the ninth bugfix release for LXD 2.0.

The changes since LXD 2.0.8 are

Minor improvements:

  • Exec sessions being killed by a signal will now report the signal number as part of their exit code.
  • VLAN device types are now properly reported in the API and client.
  • The client will now show the date an image was last used at (in lxc image info).
  • The client will now let you delete multiple images at once.
  • LXD is now using Weblate for its translations.

Bugfixes:

  • client: Add a done signal to Monitor API
  • client: Better handle http errors
  • client: Commonize update methods
  • doc: Add Documentation on Network Configuration via cloud-init
  • doc: Added reference to godoc to README.md
  • doc: Update README.md for CI and Weblate status
  • extra/lxc-to-lxd: Add more unsupported config keys
  • extra/lxc-to-lxd: All properties must be strings
  • extra/lxc-to-lxd: Copy the rootfs by default, don't move it
  • extra/lxc-to-lxd: Show nicer error on missing python3-lxc
  • extra/lxc-to-lxd: Switch to using a config whitelist
  • global: Fix typos
  • global: "gofmt -s" run
  • lxc: Better handle timestamps
  • lxc: Make help messages more consistent
  • lxc: Properly check yaml errors
  • lxc/init: Fix example
  • lxc/init: Properly replace args list
  • lxc/launch: Just use init.go's flags()
  • lxc/list: Sort IPv4 and IPv6 addresses
  • lxc/remote: Update help
  • lxd-bridge: Add ip6tables filter rules
  • lxd-bridge: DHCP happens over UDP only
  • lxd-bridge: Make IPv4 firewalling optional (default is enabled)
  • lxd/containers: Add basic logging to container creation
  • lxd/containers: Allow passing in-memory buffers to a FileResponse
  • lxd/containers: Also call setgroups when attaching to the container
  • lxd/containers: Avoid race condition in network fill function
  • lxd/containers: Blacklist lxc.syslog and lxc.ephemeral in raw.lxc
  • lxd/containers: Detect background tasks to allow clean exit
  • lxd/containers: Do mounts in the right order
  • lxd/containers: Don't attempt to read xattrs from symlinks
  • lxd/containers: Don't block resolution on non-existing paths
  • lxd/containers: Don't record last_state.power twice
  • lxd/containers: Exec() return attached PID && take bool arg
  • lxd/containers: Fix container state recording
  • lxd/containers: Fix device hotplug with major/minor set
  • lxd/containers: Fix file push error handling
  • lxd/containers: Fix generated seccomp profile
  • lxd/containers: Fix logging for file_manip commands
  • lxd/containers: Improve error handling and reporting during export
  • lxd/containers: Return a clear error when replacing a directory
  • lxd/daemon: Common codepath for http client
  • lxd/daemon: Don't set InsecureSkipVerify on daemon's tls config
  • lxd/daemon: Log daemon version
  • lxd/daemon: Make directories with stricter permissions
  • lxd/daemon: Make LXD_DIR with +x for group and everyone
  • lxd/daemon: Only mark ready once containers are up
  • lxd/daemon: Properly validate daemon keys on unset
  • lxd/daemon: Use our custom http server when updating HTTPS address too
  • lxd/db: Drop unused code from db.go
  • lxd/images: Close race condition in image download
  • lxd/images: Track speed during network transfers
  • lxd/main: Move activateifneeded to own file
  • lxd/main: Move callhook to own file
  • lxd/main: Move daemon to own file
  • lxd/main: Move forkexec to own file
  • lxd/main: Move forkgetnet to own file
  • lxd/main: Move forkmigrate to own file
  • lxd/main: Move forkstart to own file
  • lxd/main: Move init to own file
  • lxd/main: Move migratedumpsuccess to own file
  • lxd/main: Move netcat to own file
  • lxd/main: Move ready to own file
  • lxd/main: Move shutdown to own file
  • lxd/main: Move waitready to own file
  • lxd/main: Rename nsexec.go to main_nsexec.go
  • lxd/migrate: Use the generated snapshot list
  • lxd/patches: Mark all patches as applied on create
  • lxd/profiles: Fix unused variable
  • lxd/storage: btrfs: Don't assume a path is a subvolume
  • lxd/storage: Change ContainerStart to take the name and path to start
  • lxd/storage: Rework EEXISTS detection on create
  • lxd/storage: zfs: Simplify device tracking logic
  • Makefile: Rework "make dist" to be more reliable
  • shared: add GetPollRevents()
  • shared: Add WebsocketExecMirror()
  • shared: Centralize all cert fingerprint generation
  • shared: Convert TransferProgress to ReadCloser
  • shared: ExecReaderToChannel() use sync.Once
  • shared: Give Architecture handling its own package
  • shared: Give IO progress tracker its own package
  • shared: Give simplestreams client its own package
  • shared: Give version handling its own package
  • shared: Implement write tracking
  • shared: Make a helper to compute cert fingerprint
  • shared: Move Device/Devices types to lxd package
  • shared: Move FromLXCState out of shared
  • shared: Move REST API to new package: certificate
  • shared: Move REST API to new package: container
  • shared: Move REST API to new package: godoc
  • shared: Move REST API to new package: image
  • shared: Move REST API to new package: network
  • shared: Move REST API to new package: operation
  • shared: Move REST API to new package: profile
  • shared: Move REST API to new package: response
  • shared: Move REST API to new package: server
  • shared: Move REST API to new package: status
  • shared: Move WebsocketUpgrader to network.go
  • shared: Remove GroupName function and add UserId one
  • shared: Rename idmapset_test_linux.go to idmapset_linux_test.go
  • shared: Support absolute file transfer tracking
  • shared/idmapset: Drop debugging code
  • shared/idmapset: Fix intersection test
  • shared/logging: Introduce our own formatter
  • shared/logging: Make PrintStack print at the Error level
  • shared/simplestreams: Don't depend on custom http handler
  • shared/simplestreams: Pass UserAgent as argument
  • shared/util: Add Int64InSlice()
  • shared/util: GetByteSizeString() take precision argument
  • shared/util: Improve byte parsing
  • shared/util: ParseByteSizeString() deal with bytes
  • tests: Don't ignore errors in db tests
  • tests: Fix bad variable name
  • tests: Fix deadcode to work with new upstream
  • tests: Fix shellcheck being confused by cd
  • tests: Fix standalone remote test
  • tests: Shorten test name to fit on Jenkins
  • tests: Simplify testsuite spawn code
  • tests: Test lxd shutdown
  • tests: Use lxc restart instead of reboot

Downloads

The release tarballs can be found on our download page.

LXD 2.8 release announcement

24th of January 2017

The changes in this release include

New features:

  • Exec sessions being killed by a signal will now report the signal number as part of their exit code.
  • The first stage of our Go client API rework is now done with a new api module containing all REST API definitions.
  • The dnsmasq instance used for LXD managed bridges is now running as an unprivileged user.
  • VLAN device types are now properly reported in the API and client.
  • The client will now show the date an image was last used at (in lxc image info).
  • LXD is now using Weblate for its translations.

Bugfixes:

  • client: Add a done signal to Monitor API
  • client: Better handle http errors
  • doc: Add Documentation on Network Configuration via cloud-init
  • doc: Update README.md for CI and Weblate
  • doc: Update README.md for godoc
  • global: Fix typos
  • global: "gofmt -s" run
  • i18n: Improved and completed french translation
  • i18n: Update message catalogs and Japanese translation
  • i18n: Update translations from weblate
  • lxc: Better handle timestamps
  • lxc/file: Fix directory permissions on recursive push (Issue #2759)
  • lxc/init: Properly replace args list
  • lxc/list: Fix unused variable
  • lxc/list: Sort IP addresses in output
  • lxc/network: Better handle network modifications (Issue #2785)
  • lxc/network: Sort UsedBy list on show
  • lxc: Properly check yaml errors
  • lxc/remote: Update help
  • lxd/containers: Allow passing in-memory buffers to a FileResponse
  • lxd/containers: Don't attempt to read xattrs from symlinks (Issue #2801)
  • lxd/containers: Improve error handling and reporting during export
  • lxd/containers: Report -1 (255) on signal exit during exec
  • lxd/containers: Report exit code when we got killed by signal
  • lxd/db: Drop unused code from db.go
  • lxd/devices: Don't ignore regexp failures
  • lxd/images: Close race condition in image download (Issue #2739)
  • lxd/init: We need an address in CIDR notation instead of CIDR subnet
  • lxd/migrate: Use the generated snapshot list
  • lxd/network: Clean up leases for static assignments (Issue #2781)
  • lxd/networks: Handle empty dnsmasq pid file (Issue #2767)
  • lxd/network: Update permissions of network directories (Issue #2804)
  • lxd/patches: Mark all patches as applied on create
  • lxd/profiles: Fix unused variable
  • lxd/storage: Don't assume a path is a subvolume (Issue #2748)
  • shared: Add Int64InSlice()
  • shared: Have GetByteSizeString() take a precision argument
  • shared: Improve byte parsing in GetByteSizeString() and ParseByteSizeString()
  • shared: Move Device/Devices types to lxd package
  • shared: ParseByteSizeString() deal with bytes
  • shared: Remove GroupName function and add UserId one
  • tests: Don't ignore errors in db tests
  • tests: Fix deadcode to work with new upstream
  • tests: Fix shellcheck being confused by cd
  • tests: Use lxc restart whenever possible

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.7 release announcement

20th of December 2016

The changes in this release include

New features:

  • New "ipv4.firewall" and "ipv6.firewall" network attributes controlling the generation of iptables FORWARD rules
  • New "ipv4.routes" and "ipv6.routes" network attributes allowing for additional static routes to be set to the network.
  • New "lxd import" command allowing importing of containers when all that exists is the "containers" directory.

Bugfixes:

  • client: Commonize update methods and add PATCH
  • extra/lxc-to-lxd: Add more unsupported config keys
  • extra/lxc-to-lxd: All properties must be strings (Issue #2663)
  • extra/lxc-to-lxd: Copy rootfs by default, do not move
  • extra/lxc-to-lxd: Show nicer error on missing python3-lxc
  • extra/lxc-to-lxd: Switch to using whitelist
  • i18n: Update french translation
  • lxc/file: Fix off by one error in push
  • lxc: Improve help messages (Issue #2719)
  • lxc/init: Fix example
  • lxc/launch: Just use init.go's flags()
  • lxd: Common codepath for http client
  • lxd: Don't set InsecureSkipVerify on daemon's tls config
  • lxd: Log daemon version
  • lxd: Make LXD_DIR 711 by default (needed for unprivileged containers)
  • lxd: Only mark daemon ready once containers are up
  • lxd: Properly validate daemon keys on unset (Issue #2698)
  • lxd: Refactoring of sub-command code
  • lxd: Use our custom http server when updating HTTPS address too
  • lxd/containers: Add basic logging to container creation
  • lxd/containers: Avoid race condition in network fill function
  • lxd/containers: Blacklist lxc.syslog and lxc.ephemeral
  • lxd/containers: Cleanup leftover temp file
  • lxd/containers: Detect background tasks to allow clean exit on exec
  • lxd/containers: Do mounts in the right order (Issue #2717)
  • lxd/containers: Don't record last_state.power twice
  • lxd/containers: Fix container state recording (Issue #2686)
  • lxd/containers: Fix device hotplug with major/minor set
  • lxd/containers: Fix file push error handling
  • lxd/containers: Fix logging for file_manip commands
  • lxd/containers: Move FromLXCState out of shared
  • lxd/containers: Return a clear error when replacing a directory (Issue #2668)
  • lxd/containers: Rework EEXISTS detection on create
  • lxd/networks: Allow for network-specific lease updates
  • lxd/networks: DHCP over TCP has never been implemented
  • lxd/nsexec: Also call setgroups (Issue #2724)
  • lxd/seccomp: Fix generated seccomp profile
  • lxd/storage: Change ContainerStart to take the name and path to start
  • Makefile: Rework "make dist"
  • shared: Give Architecture handling its own package
  • shared: Give IO progress tracker its own package
  • shared: Give simplestreams client its own package
  • shared: Give version handling its own package
  • shared: Introduce our own formatter
  • shared: Make a helper to compute cert fingerprint
  • shared: Make PrintStack print at the Error level
  • shared: Move WebsocketUpgrader to network.go
  • shared: Rename idmapset_test_linux.go to idmapset_linux_test.go
  • shared/idmap: Drop debugging code
  • shared/idmap: Fix intersection test
  • shared/simplestreams: Don't depend on custom http handler
  • shared/simplestreams: Pass UserAgent as argument
  • tests: Add pki test
  • tests: Only attach lxdbr0 if it is present on the host
  • tests: Simplify testsuite spawn code
  • tests: Test lxd shutdown

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.8 release announcement

24th of November 2016

Follow-up bugfix release to fix a regression introduced by the rushed 2.0.7 release.

The changes since LXD 2.0.7 are

Bugfixes:

  • Don't grab addresses from public remotes

Downloads

The release tarballs can be found on our download page.

LXD 2.6.2 release announcement

24th of November 2016

Follow-up bugfix release to fix a regression introduced by the rushed 2.6.1 release.

The changes in this release include

Bugfixes:

  • Don't grab addresses from public remotes

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.7 release announcement

24th of November 2016

This is an emergency bugfix release to fix a critical regression in LXD 2.0.6.

The regression was causing pre-existing unprivileged containers to potentially start as privileged containers upon restart.

The changes since LXD 2.0.6 are

Bugfixes:

  • extra/bash: Better parse containers list
  • lxc/copy: Make container copy more robust (Issue #2640)
  • lxd/containers: Don't assign idmaps to privileged containers
  • lxd/containers: Don't break when parsing old containers
  • lxd/containers: Don't double apply templates
  • lxd/containers: Fix concurrent map iteration+modification
  • lxd/containers: Fix idmap handling of pre-idmap containers (Issue #2644)
  • tests: Add tests for file templating (Issue #2642)

Downloads

The release tarballs can be found on our download page.

LXD 2.6.1 release announcement

24th of November 2016

This is an emergency bugfix release to fix a critical regression in LXD 2.6.

The regression was causing pre-existing unprivileged containers to potentially start as privileged containers upon restart.

The changes in this release include

Bugfixes:

  • extra/bash: Better parse containers list
  • lxc/copy: Make container copy more robust (Issue #2640)
  • lxc/init: Remove unicode character from lxc warning
  • lxd/containers: Don't assign idmaps to privileged containers
  • lxd/containers: Don't break when parsing old containers
  • lxd/containers: Don't double apply templates
  • lxd/containers: Fix concurrent map iteration+modification
  • lxd/containers: Fix idmap handling of pre-idmap containers (Issue #2644)
  • tests: Add tests for file templating (Issue #2642)

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.6 release announcement

23rd of November 2016

This is the sixth bugfix release for LXD 2.0.

The changes since LXD 2.0.5 are

Minor improvements:

  • Support for container specific uid/gid maps (see userns-idmap.md)

Bugfixes:

  • appveyor: Add config to git (Issue #2537)
  • appveyor: Cleanup appveyor.yml before modifications
  • appveyor: Create archive with platform specifier in its name
  • appveyor: Do verbose testing for test names and timings
  • appveyor: Publish compiled binaries for download
  • client: Rework progress handling
  • doc: Add hacking guide (debugging.md)
  • doc: Add official Windows support in README
  • doc: Bump liblxc version required in README
  • doc: Sort API endpoints in rest-api.md
  • doc: Update README to specify docker installation details
  • doc: Update requirements, we actually require 2.0.0 or higher
  • doc: Use consistent method ordering in rest-api.md
  • extra/bash: Allow dash in parameters to lxc-client bash-completion
  • extra/bash: Fix _lxd_profiles in lxc-client bash-completion
  • extra/lxc-to-lxd: Better output with no container
  • extra/lxc-to-lxd: Check that source path exists (disk) (Issue #2572)
  • extra/lxc-to-lxd: Consistent logging
  • extra/lxc-to-lxd: Don't fail dry-run with running containers
  • extra/lxc-to-lxd: Drop dependency on pylxd
  • extra/lxc-to-lxd: Fix lxdpath handling
  • extra/lxc-to-lxd: Formatting
  • extra/lxc-to-lxd: Migrate lxc.aa_profile if set
  • extra/lxc-to-lxd: Print summary and proper exit code
  • lxc/copy: Don't use the operation as a marker of success
  • lxc/copy: Wait on the source operation too
  • lxc/delete: update help text
  • lxc/exec: Set term to "dumb" on windows (Issue #2288)
  • lxc/finger: update help text
  • lxc: Fix tests on Windows/Mac
  • lxc/list: Fix typo in help message
  • lxc/remote: Fix remote add with Go tip
  • lxc/restore: update help text
  • lxc: Use .yaml as the yaml extension in examples
  • lxd/certificates: Export all documented certificate fields
  • lxd/containers: Add /snap/bin to PATH even if only /snap exists
  • lxd/containers: Also clean up apparmor stuff in OnStart when something fails
  • lxd/containers: Attach to userns on file operations
  • lxd/containers: Be more verbose on mkdir failure
  • lxd/containers: Better handle concurrent stop/shutdown
  • lxd/containers: Catch and return more errors in OnStop
  • lxd/containers: Clarify container delete failure error
  • lxd/containers: Don't destroy ephemeral container on restart (Issue #2555)
  • lxd/containers: Don't double delete ephemeral containers
  • lxd/containers: Don't show invalid logs
  • lxd/containers: Fix forkmount to work with 4.8 and higher
  • lxd/containers: Fix invalid filename of metadata on export (Issue #2467)
  • lxd/containers: Improve config validation on update
  • lxd/containers: Improve container error handling
  • lxd/containers: Improve container locking mechanism (Issue #2612)
  • lxd/containers: log OnStart/OnStop hook errors
  • lxd/containers: More reliable container autostart (Issue #2469)
  • lxd/containers: Only load kernel modules if not loaded
  • lxd/containers: Properly validate CPU allowance
  • lxd/containers: Properly validate memory limits (Issue #2483)
  • lxd/containers: Record the err from go-lxc
  • lxd/containers: Remove legacy code from OnStop
  • lxd/containers: Remove unused code
  • lxd/containers: Save properties on publish
  • lxd/containers: Set LXC loglevel to match daemon (Issue #2528)
  • lxd/containers: Skip leading whitespace in raw.lxc
  • lxd/containers: Start storage when necessary in stateful start
  • lxd/containers: Timeout container freeze on stop
  • lxd/images: Detect out of disk space unpack errors (Issue #2201)
  • lxd/images: Don't make unnecessary image copies (Issue #2508)
  • lxd/images: Don't update images at all if interval is 0
  • lxd/images: Store the simplestreams cache to disk (Issue #2487)
  • lxd/init: Detect zfs kernel support
  • lxd/init: Ignore ZFS if in a container
  • lxd/main: Immediately exit when no DB in activateifneeded
  • lxd/migration: Fix a race for collecting logs
  • lxd/migration: Remove debugging by file creation
  • lxd/migration: Start migration storage at the right time (Issue #2505)
  • lxd/storage: Fix 10s delay on removing used ZFS images (Issue #2617)
  • lxd/storage: Freeze before copying in dir backend
  • lxd/storage: Simplify rsync code
  • shared/certificates: Be more thorough when parsing ip addr
  • shared: Disable keepalives in http.Transports
  • shared: Move Linux specific tests away (Issue #2449)
  • shared/simplestreams: Cleanup unused properties
  • tests: Better fix LXD_DEBUG
  • tests: Cleanup leftover containers
  • tests: Don't depend on main.sh for filemanip
  • tests: Implement LXD_VERBOSE
  • tests: Reduce verbosity under LXD_DEBUG
  • travis: Run the client tests
  • travis: Update to match Jenkins Go versions

Downloads

The release tarballs can be found on our download page.

LXD 2.6 release announcement

22nd of November 2016

The changes in this release include

New features:

  • Support for container specific uid/gid maps (see userns-idmap.md)
  • Send progress notification during container migration (API only)
  • Copy the source image properties into the container properties (image. namespace)

Bugfixes:

  • doc: Add hacking guide (debugging.md)
  • doc: Add missing pci options for gpu in configuration.md
  • doc: Bump liblxc version required in README
  • doc: Document user.network-config
  • doc: Exec recording needs an API extension
  • doc: Specify docker installation details in README
  • lxc/delete: Update help text
  • lxc/file: Fix recursive file pull/push on Windows
  • lxc/finger: Update help text
  • lxc/restore: Update help text
  • lxc: Rework progress handling
  • lxd/containers: Actually surface the last used update error
  • lxd/containers: Add /snap/bin to PATH even if only /snap exists
  • lxd/containers: Attach to userns on file operations
  • lxd/containers: Better handle concurrent stop/shutdown
  • lxd/containers: Clarify container delete failure error
  • lxd/containers: Correctly set liblxc loglevel to debug when in --debug mode
  • lxd/containers: Don't double delete ephemeral containers
  • lxd/containers: Improve container error handling
  • lxd/containers: Improve container locking mechanism (Issue #2612)
  • lxd/containers: Save properties on publish
  • lxd/containers: Skip leading whitespace in raw.lxc
  • lxd/containers: Start storage when necessary during stateful start
  • lxd/containers: Timeout container freeze on stop
  • lxd/containers: Track speed during network transfers
  • lxd/images: Don't update images at all if interval is 0
  • lxd/main: Immediately exit when no DB in activateifneeded
  • lxd/networks: Fixed minor typo in checkNetwork
  • lxd/networks: Spawn dnsmasq on FAN bridges
  • lxd/storage: Fix 10s delay on removing ZFS used images (Issue #2617)
  • lxd/storage: Freeze container during copy on directory backend
  • scripts/lxc-to-lxd: Better output with no container
  • scripts/lxc-to-lxd: Check that source path exists (disk) (Issue #2572)
  • scripts/lxc-to-lxd: Consistent logging
  • scripts/lxc-to-lxd: Don't fail dry-run with running containers
  • scripts/lxc-to-lxd: Drop dependency on pylxd
  • scripts/lxc-to-lxd: Fix lxdpath handling
  • scripts/lxc-to-lxd: Formatting
  • scripts/lxc-to-lxd: Migrate lxc.aa_profile if set
  • scripts/lxc-to-lxd: Print summary and proper exit code
  • shared/idmapset: Fix typo in Intersects
  • shared/simplestreams: Cleanup unused properties
  • tests: Cleanup leftover containers
  • tests: Don't depend on main.sh for filemanip
  • tests: Implement LXD_VERBOSE for reduced verbosity
  • tests: Reduce verbosity under LXD_DEBUG

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.5 release announcement

25th of October 2016

The changes in this release include

New features:

  • lxc/remote: Allow adding a new remote just by FQDN/IP (without a name)
  • lxd/containers: Implement exec output recording in the API
  • lxd/images: Store the simplestreams cache to disk (allows for offline use of those remote images)
  • lxd/certificates: Add support for PUT/PATCH of certificates
  • lxd/containers: Support signal forwarding in exec session
  • lxd/containers: Add support for GPU hotplug ("gpu" device type)

Bugfixes:

  • appveyor: Add appveyor config to git (Issue #2537)
  • client: Disable keepalives in http.Transports
  • client: Fix tests of client on Windows/Mac
  • doc: Add official Windows support to README
  • doc: Sort API endpoints in rest-api
  • doc: Use consistent method ordering in rest-api
  • doc: Use spaces everywhere
  • doc: We actually require 2.0.0 or higher
  • doc: Workaround github markdown renderer
  • examples: Use .yaml as the yaml extension
  • extra: Added the command network to lxc-client bash-completion
  • extra: Allow dash in parameters to lxc-client bash-completion
  • extra: Fix _lxd_profiles in lxc-client bash-completion
  • lxc/copy: Don't use the operation as a marker of success
  • lxc/copy: Wait on the source operation too
  • lxc/exec: Set term to "dumb" on windows (Issue #2288)
  • lxc/file: Fix help typo
  • lxc/file: Fix mkdir -p /
  • lxc/file: Normalize paths before sending them to the server (Issue #2557)
  • lxc/init: Fix typo in nictype value for -n
  • lxc/list: Fix typo in lxc list help
  • lxc/push: Fix typo (Issue #2501)
  • lxc/remote: Fix remote add with Go tip
  • lxd/certificates: Export all documented certificate fields
  • lxd/containers: Be more verbose on mkdir failure
  • lxd/containers: Catch and return more errors in OnStop
  • lxd/containers: Clean up apparmor stuff in OnStart when something fails
  • lxd/containers: Don't destroy ephemeral container on restart (Issue #2555)
  • lxd/containers: Don't show invalid logs
  • lxd/containers: exec: Remove unused code
  • lxd/containers: Fix forkmount to work with 4.8 and higher
  • lxd/containers: Fix wording of seccomp error message
  • lxd/containers: Improve config validation on update
  • lxd/containers: Log OnStart/OnStop hook errors
  • lxd/containers: More reliable container autostart (Issue #2469)
  • lxd/containers: Only load kernel modules if not loaded
  • lxd/containers: Properly validate CPU allowance
  • lxd/containers: Properly validate memory limits (Issue #2483)
  • lxd/containers: Record the err from go-lxc
  • lxd/containers: Remove legacy code from OnStop
  • lxd/containers: Report correct dev type in log
  • lxd/containers: Set LXC loglevel to match daemon (Issue #2528)
  • lxd/containers: USB vendorid is mandatory, productid isn't
  • lxd/devices: Be less optimistic about netlink info
  • lxd/devices: Use DEVNAME entry of netlink for usb
  • lxd/images: Detect out of disk space unpack errors (Issue #2201)
  • lxd/images: Don't make unnecessary image copies (Issue #2508)
  • lxd/images: Fix invalid filename of metadata on export (Issue #2467)
  • lxd/init: Detect zfs kernel support
  • lxd/init: Ignore ZFS if in a container
  • lxd/migration: Fix a race for collecting logs
  • lxd/migration: Remove debugging by file creation
  • lxd/migration: Start migration storage at the right time (Issue #2505)
  • lxd/networks: Always allow communication with dnsmasq (Issue #2506)
  • lxd/networks: Always pass --enable-ra with IPv6 (Issue #2481)
  • lxd/networks: Fill DHCP checksums
  • lxd/networks: Fix IPv6 DHCP logic
  • shared/cert: be more thorough when parsing ip addr
  • shared: Move Linux specific tests away (Issue #2449)
  • travis: Run the client tests
  • travis: Update to match Jenkins Go versions

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.4.1 release announcement

5th of October 2016

The primary goal for this release is to publish release tarballs that actually report LXD as "2.4.1" rather than "2.3" as the release ones mistakenly did.

We're including a couple of bugfixes in the process too.

The changes in this release include

Bugfixes:

  • shared: Remove logging import
  • tests: add a test to make sure we don't accidentally include new deps
  • extras: Added the command shell to lxc-client bash-completion

Downloads

The release tarballs can be found on our download page.

LXD 2.0.5 release announcement

5th of October 2016

This is the fifth bugfix release for LXD 2.0.

The changes since LXD 2.0.4 are

Note that several migration fixes included in this release depend on a newer go-lxc. If building manually, you may need to update your copy of go-lxc. If building for a distribution, you may need to update your packaged version of go-lxc to a newer snapshot.

Minor improvements:

  • Support for AppArmor namespacing and stacking
  • Rework LXD daemon logging to be cleaner and more generally useful (Issue #1928)
  • "lxc info CONTAINER" now shows the name of the remote for the container
  • Client errors now include the remote the container is on
  • /snap/bin is added to PATH if present in the container

Bugfixes:

  • doc: Add txqueuelen tweak.
  • doc: Clarify that user_subvol_rm_allowed is needed for btrfs nesting (Issue #2338)
  • doc: Fix the table style of environment.md (Issue #2410)
  • doc: Fix typos in production-setup.md
  • doc: Remove trailing spaces in production-setup.md
  • doc: Spacing cleanup
  • extras: Containers state checking for start, stop and exec commands
  • extras: Fixed container convert from LXC to LXD
  • fuidshift: expand symlinks to last path component
  • lxc: Drop unused httpAddr property
  • lxc/exec: Document lxc exec -- args
  • lxc/exec: Use os.LookupEnv from go 1.5 to find environment vars
  • lxc: Fix spacing alignment in config.go's examples
  • lxc/help: Send error to stdout (Issue #2301)
  • lxd/apparmor: Be less restrictive when unprivileged
  • lxd-bridge: Fail on dnsmasq failure
  • lxd-bridge: Fix crash in lxd-bridge-proxy
  • lxd: Consistently handle name conflicts
  • lxd/container: Allow unsetting any config key
  • lxd/container_lxc: handle xattrs
  • lxd/container: Retry generating petnames
  • lxd/container: Return an error on "restart" without force of a paused container (Issue #2311)
  • lxd/container: Rework container operation locking (Issue #2297)
  • lxd/daemon: Do our own socket activation (Issue #2333)
  • lxd/db: Fix int64 handling
  • lxd/db: Make a database backup on schema updates (Issue #2299)
  • lxd/db: Rework DB schema updates
  • lxd/image: Fix support for lzma alone file format (Issue #2360)
  • lxd/image: Tweak squashfs for low-memory systems (Issue #2382)
  • lxd/init: Change default host to all (::)
  • lxd/init: Change validation functions for consistency
  • lxd/init: Default to "dir" when "zfs" isn't available (Issue #2340)
  • lxd/init: Don't fail when passed "all" as an IP
  • lxd/init: Enable compression on new zfs pools
  • lxd/init: Fix listed default value for ZFS pool (Issue #2339)
  • lxd/init: use more intelligent logic for partition sizing
  • lxd/migration: Actually support copying across different CoW based backend types (Issue #2359)
  • lxd/migration: Also show warnings on c/r errors
  • lxd/migration: Bump ghost limit
  • lxd/migration: Don't use ActionScript if it's not available
  • lxd/migration: Preserve snapshot configuration
  • lxd/migration: Resume dumped container on failed restore
  • lxd/migration: Use liblxc's new preserves_inodes feature
  • lxd/network: Detect bonds
  • lxd/network: Detect openvswitch
  • lxd/network: Fix networkIsInUse
  • lxd/network: Move and rename isOnBridge
  • lxd/profile: Cleaner error on existing profile name
  • lxd/profile: Properly cleanup on profile removal (Issue #2347)
  • lxd/storage: Copy everything on container copy (Issue #2371)
  • lxd/storage: Extra checks and config for ZFS pools
  • Makefile: Don't recursively include test deps
  • README: Add AppVeyor badge (Windows testing)
  • shared: Add GetOwner stub for Windows (fixes #2438)
  • shared: Generate client certificate with proper extended usage info
  • shared: Make TestReaderToChannel transfer smaller
  • shared: New RunCommand wrapper function
  • tests: Add a test to make sure we don't accidentally include new deps
  • tests: add test for GetAllXattr()
  • tests: Fix apparmor version check
  • tests: Fix for newer shellcheck
  • tests: Force UTC timezone
  • tests: Only check leftovers on active LXD
  • tests: skip tests when xattrs are not supported

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.4 release announcement

4th of October 2016

The changes in this release include

New features:

  • Add API support for push based migration (with a client acting as relay)
  • Add a new used_by property to profiles (similar to networks)
  • Update "lxc profile list" to show a table
  • Support configuring NAT through "lxd init"

Bugfixes:

  • lxd/init: Actually add new network to profile
  • lxd/init: Typo fix
  • lxd/migration: Don't use ActionScript if it's not available
  • lxd/network: Allow nil network config
  • lxd/network: Better deal with partially disabled IPv6
  • lxd/network: Fix automatic nat settings
  • lxd/network: Fix IPv6 forwarding logic
  • lxd/network: Fix rare race condition with sysctl
  • lxd/network: Fix typo discovered by lintian
  • lxd/zfs: Extra checks and config for ZFS pools
  • doc: Add AppVeyor badge (Windows testing)
  • Makefile: Don't recursively include test deps
  • shared: Add GetOwner stub for Windows
  • shared: Generate client certificate with proper extended usage info
  • test: Fix apparmor version check
  • test: Fix shellcheck warning
  • test: Force UTC timezone
  • test: Make container cleanup more reliable

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.3 release announcement

27th of September 2016

LXD 2.3 includes a few major features we've been working on for months.

The main one is a completely new set of API endpoints, configuration options and commands. This allows creating and configuring bridges through LXD, including IPv4 and IPv6 connectivity, Ubuntu FAN support, cross-host tunnels with GRE or VXLAN, various DNS modes, DHCP configuration and MAC filtering.

The other feature we're very excited about is support for AppArmor namespaces and stacking. This will allow containers to load apparmor profiles and further confine their workloads.

The changes in this release include

New features:

  • Introduce the new network management API
    • POST to /1.0/networks (see rest-api.md)
    • PUT to /1.0/networks/NAME (see rest-api.md)
    • PATCH to /1.0/networks/NAME (see rest-api.md)
    • DELETE to /1.0/networks/NAME (see rest-api.md)
    • "lxc network" commands
    • Network configuration in "lxd init"
    • The default profile now comes without network configuration
    • The old lxd-bridge code has been removed
    • Details of configuration options in configuration.md
  • Support for AppArmor namespaces and profile stacking
    • On supported kernels, containers will now be able to use apparmor
  • Introduce a new storage.lvm_mount_options daemon configuration option
  • Rework log message priorities and add more context to log messages
  • "lxc info" now shows the remote name in its output
  • The client now includes the remote name in error messages

Bugfixes:

  • apparmor: Be less restrictive when unprivileged
  • apparmor: create an apparmor namespace for each container
  • doc: Fix rest-api for PATCH addition
  • doc: Fix the table style of environment.md
  • extras: Containers state checking for start, stop and exec commands in bash completion
  • extras: Fixed container convert from LXC to LXD
  • extras: Update bash completion for current options
  • lxc: Drop unused httpAddr property
  • lxc/exec: Document lxc exec -- args
  • lxc/file: Make the target directory on recursive pull
  • lxd/db: Don't try to backup the database when running tests
  • lxd/db: Fix int64 handling
  • lxd/images: Tweak squashfs for low-memory systems
  • lxd/init: Change validation functions for consistency
  • lxd/init: Enable compression on new zfs pools
  • lxd/log: Add format wrappers for log functions
  • lxd/log: Add wrappers for log functions
  • lxd/log: Transition to new wrappers
  • lxd/migration: Actually support copying across different CoW based backend types
  • lxd/migration: Also show warnings on c/r errors
  • lxd/migration: Preserve snapshot configuration during copy
  • lxd/network: Detect bonds
  • lxd/network: Detect openvswitch
  • lxd/network: Fix networkIsInUse
  • lxd/network: Move and rename isOnBridge
  • shared: Export type checking functions
  • shared: fuidshift: Expand symlinks to last path component
  • shared: New RunCommand wrapper function
  • snappy: Add /snap/bin to PATH if present

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.2 release announcement

14th of September 2016

The changes in this release include

New features:

  • client: Add a "manpage" command (Issue #2280)
  • client: Add a "rename" alias (Issue #2320)
  • client/file: Recursive file push/pull (-r) (Issue #1218)
  • client/file: Support recursive directory creation (-p) (Issue #2290)
  • client/info: Add cpu usage (Issue #1867)
  • client/publish: Allow overriding compression algorithm (Issue #2296)
  • daemon: Make a database backup on schema updates (Issue #2299)
  • daemon/container: Expose CPU usage (Issue #1867)
  • daemon/container: Recursive file push/pull (Issue #1218)
  • daemon/image: Allow overriding compression algorithm (Issue #2296)
  • daemon/init: Ask for images.auto_update_interval (Issue #2167)
  • daemon/storage: Add new storage.zfs_use_refquota option (Issue #2354)

Bugfixes:

  • client/exec: Use os.LookupEnv from go 1.5 to find environment vars
  • client/help: Change lxc help to go to stdout (Issue #2301)
  • daemon: Consistently handle name conflicts
  • daemon/container: Allow unsetting any config key
  • daemon/container: Fix USB transposed major/minor
  • daemon/container: Handle xattrs on publish
  • daemon/container: Retry generating petnames on conflict
  • daemon/container: Return an error on "restart" without force of a paused container (Issue #2311)
  • daemon/container: Rework container operation locking (Issue #2297)
  • daemon/container: Try to remove the usb bus dir after device disconnect (Issue #2306)
  • daemon/container: Various USB hotplug fixes (Issue #2312)
  • daemon/dir: Copy everything on container copy (Issue #2371)
  • daemon: Do our own socket activation (Issue #2333)
  • daemon/image: Fix support for lzma alone file format (Issue #2360)
  • daemon/init: Change default host to all (::)
  • daemon/init: Default to "dir" when "zfs" isn't available (Issue #2340)
  • daemon/init: Fix listed default value for ZFS pool (Issue #2339)
  • daemon/init: Use more intelligent logic for partition sizing
  • daemon/profile: Cleaner error on existing profile name
  • daemon/profile: Properly cleanup on profile removal (Issue #2347)
  • doc: Add txqueuelen tweak
  • doc: Clarify that user_subvol_rm_allowed is needed for btrfs nesting (Issue #2338)
  • doc: Fix typos in production-setup.md
  • doc: Rename api_extensions to api-extensions
  • i18n: Update po files and Japanese translation
  • lxd-bridge: Fix crash in lxd-bridge-proxy
  • tests: Fix race in alias test
  • tests: Make TestReaderToChannel transfer smaller
  • tests: Only check leftovers on active LXD

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.1 release announcement

16th of August 2016

LXD 2.1 is the first feature release following LXD 2.0 LTS.

Note that this release does not have LTS status and as such will not benefit from multi-year support or bugfix releases.

For production environments, we recommend that you stick to the LXD 2.0 LTS release.

The changes in this release include

New features:

  • client: Add a lxc shell alias by default
  • client: Build unix-like aliases directly into LXC (lxc {cp,ls,mv,rm}, lxc image {cp,ls,rm}, lxc image alias {ls,rm}, lxc remote {ls,mv,rm} and lxc config device {ls,rm})
  • client: Generate the client certificate on-demand
  • client/copy: Allow additional profiles and config to be set
  • client/copy: Pick a random name if not specified and same host
  • client/image: Add --format and json output
  • client/image: Allow deleting multiple images at once
  • client/list: Add support for config key columns (e.g. lxc list -c ns,security.privileged:privileged)
  • client/profile: lxc profile apply is now lxc profile assign
  • client/profile: New lxc profile add and lxc profile remove sub-commands
  • client/version: Do not show the version command by default
  • daemon: Add a global core.https_allowed_credentials key
  • daemon: Implement ETag support for all PUT calls
  • daemon: Implement PKI authentication (see doc/lxd-ssl-authentication.md)
  • daemon: Implement the PATCH method for all endpoints already supporting PUT
  • daemon/container: Add config key for container force shutdown timeout (boot.host_shutdown_timeout)
  • daemon/container: Add some seccomp knobs (security.syscalls.{blacklist,blacklist_default,blacklist_compat,whitelist} and raw.seccomp)
  • daemon/container: Add support for the "usb" device type (see doc/configuration.md)
  • daemon/container: Record the last used date for containers (also expose in lxc info and lxc list)
  • daemon/zfs: Allow forcing snapshot removal through configuration (storage.zfs_remove_snapshots)

Bugfixes:

  • All the bugfixes listed as part of LXD 2.0.1, 2.0.2, 2.0.3 and 2.0.4
  • tests: Fix for newer shellcheck
  • lxd-bridge: Fail on dnsmasq failure
  • c/r: switch to the new ->migrate API
  • c/r: use liblxc's new preserves_inodes feature
  • c/r: bump ghost limit

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.4 release announcement

15th of August 2016

This is the fourth bugfix release for LXD 2.0.

The changes since LXD 2.0.3 are

Minor improvements:

  • /dev/net/tun is now a default device (always present)
  • lxd-bridge: dnsmasq is now configured with IPv6 name resolution
  • lxd-bridge: iptables rules now have a comment (Issue #2125)
  • "lxd init" now comes with reasonable defaults (Issue #1933)
  • The "images:" remote now uses simplestreams on new installations
  • "lxc image export" now always uses the image fingerprint as filename
  • Import progress is now reported for URL imports in "lxc image import"

Bugfixes:

  • apparmor: Add feature detection and clean things a bit
  • apparmor: Don't depend on the LXC apparmor profile (Issue #1942)
  • apparmor: Rename main two chunks of rules (Issue #1942)
  • apparmor: Setup a more modular apparmor profile (Issue #1942)
  • client: Don't share http client with go routines (Issue #2186)
  • client: Error when trying to remove a non-existent device (Issue #2277)
  • client: Fix API info reporting in "lxc info"
  • client: Fix spelling: permisson -> permission (Issue #2211)
  • client: Make client.websocket a public API
  • client: Make --version option visible (Issue #2171)
  • client: Relax constraints on WebsocketRecvStream args
  • client: Use named args for actionCmds
  • client/finger: Remove unused field from finger cmd (Issue #2170)
  • client/image: Fix image import from URL (Issue #2272)
  • client/list: fix concurrent read/write (Issue #2183)
  • client/list: Fix error handling and race in "lxc list" (Issue #1753)
  • client/pause: Add some additional help to lxc pause
  • client/profile: Add "lxc profile unset" to help message (Issue #2227)
  • daemon/container: Actually handle containers list error
  • daemon/container: Add sanity checks for common problems (Issue #2190)
  • daemon/container: Alphabetize device processing (Issue #2233)
  • daemon/container: Better errors when sanity checking devices
  • daemon/container: Better handle missing or invalid device types (Issue #2210)
  • daemon/container: Document and validate limits.*.priority values (Issue #2231)
  • daemon/container: Document image export target behavior and fix bugs (Issue #2205)
  • daemon/container: Don't unfreeze a container on stop (Issue #2164)
  • daemon/container: Fix flag name in init error message
  • daemon/container: Fix limits.disk.priority when set to 0 (Issue #2230)
  • daemon/container: Fix nic hotplug with openvswitch (Issue #2106)
  • daemon/container: Fix unix-char/unix-block in nested containers (Issue #2279)
  • daemon/container: Improve check for invalid physical devices
  • daemon/container: Remember the return code in the non wait-for-websocket case (Issue #2243)
  • daemon/container: Remove unused "name" argument from {create,remove}UnixDevice
  • daemon/container: Return more error information back to the user (Issue #2190)
  • daemon/container: Sort disk devices by their path before their names (Issue #2249)
  • daemon/container: Unfreeze frozen container on shutdown (Issue #2164)
  • daemon/db: Don't fail db upgrade if $LXD_DIR/containers doesn't exist (LP: #1602025)
  • daemon/db: remove fuse device from docker profile (Issue #2213)
  • daemon/migration: fix tempdir handling
  • daemon/profile: Prevent using invalid profile names (Issue #2274)
  • daemon/zfs: Fix ZFS volume size on 32bit architectures (Issue #2158)
  • daemon/zfs: Only delete copy- snapshots on delete (Issue #2127)
  • daemon/zfs: Remove subvolume in zfs.ImageCreate error flow (Issue #2194)
  • doc: Add /dev/net/tun and /dev/fuse to docs
  • doc: Added command to install squashfs-tools in README.md
  • doc: Document config_get in pongo templates
  • doc: Fixed errors on api examples with curl
  • doc: Initial documentation for production use of LXD (Issue #2256)
  • doc: Shuffle packages a bit in README.md
  • lxd-bridge-proxy: Remove unused code
  • Makefile: Also have "make dist" run multiple go get
  • scripts: Make lxc-to-lxd work inside virtualenv (Issue #2175)
  • simplestreams: Fix size reporting (Issue #2223)
  • simplestreams: Handle images without labels
  • simplestreams: List images available as both squashfs and tar.xz
  • simplestreams: Properly deal with unset expiry
  • simplestreams: Set proper user-agent
  • simplestreams: Use the hashes in the right order (Issue #2239)

Downloads

The release tarballs can be found on our download page.

LXD 2.0.3 release announcement

28th of June 2016

This is the third bugfix release for LXD 2.0.

The changes since LXD 2.0.2 are

Notes:

  • The "unsquashfs" command is now a LXD requirement as it is needed to unpack the newer Ubuntu images.
  • The REST API will now return a 201 code accompanied by a Location header following a POST to an endpoint returning a Sync response. It previously sometimes returned a 200 without the Location header.
  • Containers now get a /dev/fuse device by default.

Minor improvements:

  • extras: Better bash completion coverage
  • client/delete: Allow -f as a shortcut of --force
  • client/info: Include the certificate fingerprint in server info (Issue #2098)
  • client/info: Show remote in the --show-log example provided on error
  • core: Add squashfs support as needed by newer Ubuntu images
  • core: Tweak TLS cipher list a bit to allow browsers to talk to LXD (Issue #2034)
  • daemon/container: Setup /dev/fuse by default

Bugfixes:

  • client: Better handle connection errors
  • client: Check all alias args to support subcommand aliases (Issue #2095)
  • client/file: Don't modify file permissions on edit
  • client/image: Use the daemon provided fingerprint on image copy (Issue #2162)
  • client: Normalize the URLs in the client (Issue #2112)
  • client/remote: Fix a panic in 'remote add' (Issue #2089)
  • client/remote: Fix parsing of <FQDN>:<PORT>
  • core: Better handle PEM decoding errors (Issue #2119)
  • core: Check for zero byte send in ReaderToChannel (Issue #2072)
  • core: Fix a concurrent websocket write crash
  • core: Use default buffer size for WebsocketUpgrader
  • daemon: Add missing linebreak to lxd help
  • daemon/api: Set Location on sync POST requests (Issue #2092)
  • daemon/btrfs: Fix failure to restore on btrfs (Issue #2058)
  • daemon/certificate: Fail to add an existing certificate
  • daemon/config: Allow "none" as compression algorithm (regression fix)
  • daemon/container: Add target path to rootfs tarball in image export (Issue #1980)
  • daemon/container: Better handle bind mounts
  • daemon/container: GET of a nonexistent file now 404s (Issue #2059)
  • daemon/container: Make devices cgroup config more readable
  • daemon/container: Improve error message on disk setup failure
  • daemon/container: Use defer to undo changes on failed update
  • daemon/db: Don't try to chmod zfs.img when testing db upgrades
  • daemon/db: Don't try to update /var/lib/lxd/containers in go tests
  • daemon/init: Actually unset the storage keys
  • daemon/lvm: Don't call lvextend with recent LVM versions
  • daemon/migration: Setup some buffering for zfs/btrfs send
  • daemon/migration: Simplify checkpoint/restore code everywhere
  • daemon/migration: switch to the new LXC migrate API
  • daemon/zfs: Improve block device detection
  • daemon/zfs: Mount if not mounted (Issue #1888)
  • doc: Clarify ZFS snapshot shortcomings (Issue #2055)
  • doc: Drop JSON example from configuration.md
  • doc: Fix certificates JSON examples to cover all fields
  • doc: Fix typo in "unix-block" description
  • doc: Improve shared folder documentation (README) (Issue #2123)
  • lxd/patches: Add support for one-time patches (separate from DB schema updates)
  • Makefile: go get has become worse, now need 3 runs
  • Makefile: Update repository URL for xgettext-go
  • migration: Consolidate error handling
  • test: 201 is a valid return code for alias creation
  • test: Add a test for ReaderToChannel
  • test: Add test for "lxc file edit" target file owner and permission

Downloads

The release tarballs can be found on our download page.

LXD 2.0.2 release announcement

30th of May 2016

This is the second bugfix release for LXD 2.0 and its first security update.

CVE-2016-1581

Robie Basak noticed that after setting up a loop based ZFS pool through "lxd init" the resulting file (/var/lib/lxd/zfs.img) was world readable.

This would allow any user on the system, and so a potential attacker, to copy and then read the data of any LXD container, regardless of file permissions inside the container.

LXD 2.0.2 fixes the "lxd init" logic to always set the mode of zfs.img to 0600.

Additionally a one-time upgrade step will trigger on first run and reset any existing zfs.img mode to be 0600.

If you manage an affected system and suspect an unauthorized user may have accessed the zfs.img file, you should consider replacing any secret that was stored in the affected containers (private keys and similar credentials).

CVE-2016-1582

Robie Basak noticed that when switching an unprivileged container (default, security.privileged=false) into privileged mode (by setting security.privileged to true), the container rootfs is properly remapped but the container directory itself (/var/lib/lxd/containers/XYZ) remains at 0755.

This is a problem because it allows an unprivileged user on the host to access any world readable path under /var/lib/lxd/containers/XYZ which may include setuid binaries.

Such setuid binaries could then be used on the host to access otherwise inaccessible data or to escalate one's privileges.

LXD 2.0.2 fixes this behavior by making sure all privileged containers are always root-owned and have their mode set to 0700 to prevent traversal by unprivileged users.

Additionally a one-time upgrade step will trigger on first run and reset any existing privileged containers' ownership and mode to root:root 0700.
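
Both CVE-2016-1581 and CVE-2016-1582 come down to mode and ownership invariants under /var/lib/lxd that can be verified after the upgrade step has run. The check below is an added example, not LXD's own code; the function names, the `owner_uid`/`owner_gid` parameters, the caller-supplied list of privileged container names and the constructed 0644/0755 sample tree are assumptions of the example.

```python
"""Audit the on-disk permissions enforced by the LXD 2.0.2 fixes (added example)."""
import os
import stat
import sys
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    path: str
    problem: str


def audit_zfs_img(lxd_dir):
    """CVE-2016-1581: zfs.img must carry no group or other access bits (0600)."""
    path = os.path.join(lxd_dir, "zfs.img")
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return []  # no loop-based ZFS pool file on this host
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        return [Finding("CVE-2016-1581", path, f"mode is {mode:04o}, expected 0600")]
    return []


def audit_privileged_containers(lxd_dir, privileged_names, owner_uid=0, owner_gid=0):
    """CVE-2016-1582: every privileged container directory must be root:root 0700.

    privileged_names comes from the caller (assumption: the operator knows which
    containers have security.privileged=true); this function only checks the disk.
    """
    findings = []
    for name in privileged_names:
        if not name or "/" in name or name in (".", ".."):
            raise ValueError(f"not a container name: {name!r}")
        path = os.path.join(lxd_dir, "containers", name)
        try:
            st = os.stat(path)  # follows a symlink, so the traversed directory is checked
        except FileNotFoundError:
            findings.append(Finding("CVE-2016-1582", path, "directory not found"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            findings.append(Finding("CVE-2016-1582", path,
                                    f"mode is {mode:04o}, expected 0700"))
        if (st.st_uid, st.st_gid) != (owner_uid, owner_gid):
            findings.append(Finding("CVE-2016-1582", path,
                                    f"owner is {st.st_uid}:{st.st_gid}, "
                                    f"expected {owner_uid}:{owner_gid}"))
    return findings


def demo():
    """Run both checks on a constructed tree that has the pre-2.0.2 permissions."""
    with tempfile.TemporaryDirectory() as root:
        img = os.path.join(root, "zfs.img")
        open(img, "wb").close()
        os.chmod(img, 0o644)   # constructed: world-readable pool file
        cdir = os.path.join(root, "containers", "c1")
        os.makedirs(cdir)
        os.chmod(cdir, 0o755)  # constructed: traversable container directory
        st = os.stat(cdir)     # demo runs unprivileged, so expect its own ids, not root
        return (audit_zfs_img(root)
                + audit_privileged_containers(root, ["c1"], st.st_uid, st.st_gid))


def main(argv):
    # Usage: audit.py [LXD_DIR [PRIVILEGED_CONTAINER ...]]
    lxd_dir = argv[1] if len(argv) > 1 else "/var/lib/lxd"
    findings = audit_zfs_img(lxd_dir) + audit_privileged_containers(lxd_dir, argv[2:])
    for f in findings:
        print(f"{f.cve}: {f.path}: {f.problem}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit status means at least one path still has the permissions described in the advisories; a hit on zfs.img is also the trigger for the secret rotation recommended above.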

Downloads

The release tarballs can be found on our download page.

Commits

LXD 2.0.1 release announcement

16th of May 2016

This is the first bugfix release for LXD 2.0.

The bugfixes since LXD 2.0.0 are

  • Don't fail to start when shmounts can't be mounted, instead fail container startup
  • Invalidate the simplestreams cache on proxy change
  • Write the container's config file on start to the log path directly
  • Fix crash in list due to empty responses (Issue #1903)
  • Fail when removing non-existent profiles (Issue #1886)
  • Document --alias to image import (Issue #1900)
  • Fix "lxc start" and "lxc stop" options (stateful/stateless)
  • Give better error on invalid source stream (simplestreams)
  • Add basic REST API usage example to README.md
  • Fix typo in lxc stop --help
  • Convert lxc-to-lxd to stable supported pylxd API (Issue #1901)
  • Properly log image update failures
  • Better validate and rollback bad images (Issue #1913)
  • Send operation return value through SmartError
  • Fix basic filtering in lxc list (Issue #1917)
  • Tell the user how to launch a container on first start (Issue #1931)
  • Redirect "remote" to "remote:" when not conflicting (Issue #1931)
  • Don't load the LXC config for snapshots (Issue #1935)
  • list: Allow filtering by unset key (Issue #1917)
  • Fix example in lxc launch
  • Update Japanese translation and other po files
  • Fall back to cpuset.cpus on older kernels (Issue #1929)
  • Properly validate the server configuration keys (Issue #1939)
  • Fix daemonConfig handling of storage
  • Don't remove config file on forkmigrate
  • Fix config handling following config validation change
  • Fixed Markdown syntax in documentation
  • Don't fail early when removing disks (Issue #1964)
  • Don't recursively delete devices
  • Don't fail when some unix devices fail to be deleted
  • Use the same config checks for unix-char and unix-block
  • Allow removing when fs object no longer exists (Issue #1967)
  • Do proper logfile expiry (Issue #1966)
  • Make logging a bit more consistent
  • Don't ignore zfs errors
  • Properly update the mode, uid and gid on existing files (Issue #1975)
  • Detect invalid certificate files (Issue #1977)
  • Fix broken apparmor status check
  • Allow on/off as boolean strings
  • Properly validate the container configuration keys (Issue #1940)
  • Don't mask rsync transfer errors
  • Move execPath to a global variable
  • Use custom netcat instead of nc -U for rsync over websocket (Issue #1944)
  • Fix wrong state dir path in migration
  • Don't fail deleting images when the storage delete fails
  • Improve messages in the Japanese translation
  • Add more checks for the criu binary
  • Rework (live) migration tests
  • Make it explicit in documentation that devices on create are optional
  • Properly record the source of all image copies (Issue #2010)
  • Don't mark containers as ERROR while being created (Issue #1988)
  • Cleanup events sent for operations (Issue #1992)
  • Fix ZFS refcounting issues (Issue #1916 and Issue #2013)
  • Propagate snapshot config when copying a snapshot (Issue #2017)
  • Implement lxc config show for snapshots
  • Add Unix socket example to REST API usage.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0 release announcement

11th of April 2016

This is the final release of LXD 2.0!

LXD 2.0 is a Long Term Support release, similar to LXC 2.0 and LXCFS 2.0, and so comes with a 5-year support commitment from upstream, ending on 1st of June 2021.

A walkthrough of the LXD 2.0 features can be found here: LXD 2.0: Blog post series

Packages for LXD 2.0 should be available in Ubuntu and other Linux distributions shortly.

Until then, you can just try it online using our demo service.

The main changes since LXD 2.0.0 rc9 are

  • client: Add a json format option to "lxc list".
  • client: Recommend running lxd init
  • lxd: Allow setting security.privileged when nested

The bugfixes since LXD 2.0.0 rc9 are

  • client: Filter on expanded config rather than local config
  • client: Fix wrong mode being passed by file push
  • client: Show the snapshot name instead of the path
  • client: Tweak help messages
  • client: Update Japanese translation
  • core: Don't let umask mess with modes
  • core: Fix uid, gid and mode of retrieved files
  • core: zfs: Clean any leftover snapshot
  • core: zfs: Ignore non-LXD paths in user count
  • doc: Mark API as stable for release

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc9 release announcement

6th of April 2016

The main changes for this release are

  • The 1.0 API is now considered stable
  • A new lxd-benchmark tool has been added as part of the testsuite
  • The client has been translated into Japanese

Bugfixes

  • core: Check that the target is set on alias update
  • core: Don't use the cpu map from /proc/self/status
  • core: Fix all non-gzip compression algorithms
  • core: Improve ZFS reliability and performance
  • core: lxcbr0 is no more, replace it by lxdbr0
  • core: Prevent container actions while in setup mode
  • core: Set lxc.rootfs.bdev (performance improvement)
  • core: Stop the storage code after we're done remapping
  • core: Support holes in CPU usage (disabled CPUs)
  • core: Throttle the event listeners
  • core: Workaround bad go-lxc Start() behavior
  • extra: Update bash completion to use --fast (performance improvement)
  • list: Don't crash on missing disk or network info
  • lxd-bridge: Don't set link-local without a proxy
  • lxd-bridge-proxy: Bump port number to 13128
  • lxd-bridge: Run dnsmasq as the lxd user instead of the non-existing lxd-dnsmasq user
  • main: Have ActiveIfNeeded trigger if we have running containers
  • specs: Images are auto-updated every 6 hours
  • tests: Don't rely on the filesystem so much

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc8 release announcement

31st of March 2016

The main changes for this release are

  • The LVM volume size is now configurable through configuration rather than environment variables
  • "lxc image alias list" now supports filtering like the other list commands

Bugfixes

  • Fix initial exec size
  • Fix wrong packets sent value
  • Workaround RemoveAll failures on long paths
  • doc: Fix bad markdown
  • Apply all templates at container startup time
  • simplestreams: cleanup
  • Use fork for command execution
  • Failure to unload the apparmor profile isn't fatal
  • Prevent deadlock on container stop failure

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc7 release announcement

28th of March 2016

The main changes for this release are

  • "lxc info" now reports resource consumption
  • Improved bash completions
  • Implement container creation from image properties

Bugfixes

  • exec: remove dead code path
  • exec: send initial window size
  • exec: client: don't always send window size
  • exec: only access terminal size in interactive mode
  • docs: s/initial/Initial
  • Tests: Don't translate lxc output for parsing it.
  • Workaround a URL parser issue
  • Clarify the ZFS restore error
  • lxd-bridge: Don't fail due to missing IPv6

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc6 release announcement

23rd of March 2016

The main changes for this release are

  • New daemon "setup mode" to be used to feed configuration to the LXD daemon after startup and before it starts spawning containers.
  • The "get", "set" and "unset" commands have been added to "lxc config device" and "lxc profile device"
  • Broken containers are now marked as "ERROR" in "lxc list" rather than being hidden

Bugfixes

  • lxd init: clarify no port is wanted with server address
  • lxd init: accept empty trust password
  • lxd init: recommend port 8443
  • README: document composing docker and default profiles.
  • Rename IsMock to MockMode
  • Cleanup daemon initialization
  • Remove the startDaemon function
  • Cleanup function names in main.go
  • Improve waitready
  • Fix permissions of new devices nodes
  • Allow the bridge to be brought down even if disabled
  • Some more lxd-bridge fixes
  • lxd-bridge: Make shellcheck happy

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc5 release announcement

21st of March 2016

The main changes for this release are

  • Fix DELETE /1.0/images/ to actually be Async. This is a minor API change to match the specification and will break backward compatibility with older clients (only when performing image deletion).
  • The deprecated lxd-images script has now been entirely removed.

Bugfixes

  • Improve error reporting on image POST
  • Fix error handling logic around snapshots
  • Fix container shutdown to actually happen in parallel
  • Document 'auto_update' parameter for 'POST /1.0/images'
  • stateful start: rework behavior
  • stateful snapshots: rework behavior
  • Bind-mount mqueue if unprivileged
  • update documentation on using docker in containers
  • bump the monitor timeout to 5s
  • lxd-bridge: Some tweaks

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc4 release announcement

16th of March 2016

The main changes for this release are

  • Support for recursive bind-mounts (recursive property on disk entries)
  • Add a new "ERROR" state for containers, used to indicate a communication problem with LXC
  • Make it possible to have templates only apply for non-existing files (create_only property)
  • All the specifications have been updated and moved to the doc/ directory
  • /dev/lxd access is now restricted to uid 0 in the container

Bugfixes

  • devices client: only print success message when successful
  • Fix devlxd failing to detect container
  • Have "device show" print yaml
  • specs: Clarify image handling
  • specs: Remove command-line-user-experience
  • specs: Remove dia database diagram
  • specs: Clarify the daemon spec
  • specs: Update /dev/lxd spec to match current state
  • specs: Update environment variables list
  • specs: Update SSL spec to match current state
  • specs: Re-format the migration document
  • specs: Update requirements
  • specs: Update storage backend spec
  • specs: Update userns to match reality
  • docker profile: add the apparmor enabled overmount
  • More strictly parse remote URLs
  • Fix devlxd access outside of an exec session
  • Return better errors for public and simplestream remotes
  • Block sys_rawio by default

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc3 release announcement

11th of March 2016

The main changes for this release are

  • GET /1.0/containers/NAME/snapshots/SNAPNAME now returns the configuration and devices included in the snapshot
  • Three new configuration options have been introduced to configure the daemon to use an HTTP proxy
    • core.proxy_https (if not set, uses HTTPS_PROXY env variable)
    • core.proxy_http (if not set, uses HTTP_PROXY env variable)
    • core.proxy_ignore_hosts (if not set, uses NO_PROXY env variable)
  • Cache remote simplestream data for an hour in the daemon so we don't hammer the remote server
  • Allow for auto-update of images coming from a LXD server

Bugfixes

  • Change ConnectInfo to take a RemoteConfig.
  • Workaround kernel overmounting protection
  • migration: attempt to be slightly smart about moving filesystems
  • tests: disarm the gremlins by comparing things in UTC
  • zfs: fix handling of the "snapshot only" send case
  • Allow reducing the LVM LV size and update tests
  • profiles: don't mask error message when not found
  • mounting: only block devices hold filesystems
  • Rework event locking
  • Fix panic due to concurrent read/edit of container lock
  • zfs: Skip the pool header line
  • Make it clear that the init arguments only apply in auto mode
  • Fix error message when snapshotting with existing name
  • lvm: make errors log as errors
  • Don't generate client certificates when calling NewClient
  • Fix parsing image names
  • Forward errors from forkgetfile and forkputfile
  • Make changing https_address more reliable
  • migration: don't defer cleanup of sending snapshots

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc2 release announcement

7th of March 2016

The main changes for this release are

  • Add configuration keys for the rest of the CORS headers
  • Get one step closer to dropping lxd-images, lxd-images is now just a shim
  • Deprecate support for Go < 1.5 as some of our dependencies dropped 1.4 support

Bugfixes

  • Fix image import from remote lxd using aliases
  • Fix creation of extra volatile entries
  • Fix testsuite for when stdout is a file
  • Initialize the storage driver before messing with images
  • Restrict lxd init to root
  • Only attempt to load containers AFTER the socket is setup
  • Fix default protocol in image download
  • Only setup forwarding when an IP is set
  • client: add default config in NewClientFromInfo
  • Fix incorrect device type in dbUpdateFromV26

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.rc1 release announcement

2nd of March 2016

This is the first release candidate for LXD 2.0. This means that we believe all features required for LXD 2.0 have now been merged and we only expect bugfixes and minor usability improvements to land between now and final release.

The main changes for this release are

  • Support for the Cgroup namespace.
  • It is now possible to set the lxc.network.X.ipv{4,6}[.gateway] raw.lxc keys (with usual caution with regard to raw.lxc)
  • /proc and /sys are now clean straight mounts when the container is unprivileged
  • The scope of IP addresses is now exported and used to filter local addresses out by default
  • lxc exec now defaults to non-interactive mode when stdout isn't a tty
  • All the tables rendered by the client now look alike
  • Simplestreams is now natively supported by both the client and the server, eliminating the need for lxd-images
  • Background image synchronization is now supported by the server and done by default for all cached images
  • The last time an image was used and whether it's stored in the cache is now exported over the API and visible in "lxc image info"
  • Profiles now have a description field
  • It is now possible to do a stateful container stop where the container is checkpointed to disk rather than killed, then resumed on next start.
  • A "docker" profile is now present by default with those settings required to be able to run Docker inside a LXD container.
  • Image import now reports upload progress.

Bugfixes

  • Refactor the GenCert function so it can be reused.
  • tests: get rid of commented out code
  • Rework lxd.NewClient so we don't need a disk cache.
  • shared: export limit parsing function
  • Add upgrade procedure to README
  • websocket: fix panic() on concurrent writes
  • Don't allow the state functions to fail
  • specs: Remove section on Etag (not implemented)
  • specs: Fix rest-api layout
  • list: Fix crash on PID column
  • Fix name printing on lxc init
  • Fix a variety of issues with blkio limits
  • Fix hardcoded architecture path in apparmor profile
  • tests: Fix failure on networked test
  • tests: Fix the number of certs check
  • Fix snapshot configuration
  • Don't rely on the filesystem to check if stateful
  • Catch checkpoint failures
  • Fix DB test
  • Better lock around event listeners
  • Fix container not rebooting properly
  • Add package "make" to build dependencies installation command
  • Don't stop at an unsatisfactory sub?id entry
  • client: better error on lxc stop remote:
  • Just use the shared struct whenever possible in the client
  • Fix download progress on launch
  • Fix alignment of numbers in tables

Upgrade notes

  • This release deprecates the lxd-images tool. Use the ubuntu: and ubuntu-daily: default remotes instead to achieve the same feature. If you absolutely must copy an image into the local store, it can be done with "lxc image copy ubuntu:14.04 local: --alias ubuntu".

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.beta4 release announcement

23rd of February 2016

The main changes for this release are

  • REST API changes
    • The API versioning data at /1.0 has changed and now includes api_status, api_version and api_extensions
    • Architecture fields are now returned as strings instead of obscure integers
    • GET /1.0/containers/NAME/state has been reworked, now includes more detailed network information, disk usage information as well as memory consumption data.
  • New --fast mode for "lxc list" which only lists "cheap" fields
  • The container architecture is now listed in "lxc info"
  • Add process count limit (pids cgroup)

Bugfixes

  • Fix container creation from remote image alias
  • Fix Content-Type value for errors
  • Don't stop containers before asking the user
  • Re-implement terminal functions through cgo (fixes ppc64el)
  • Allow access to /dev/zero
  • tests: Keep pprof self-contained
  • Use iproute2 instead of bridge-utils
  • lxd-images: Fix sync
  • allow cgroupfs mounting on cgns kernels
  • Optimize container process count (use pid cgroup)
  • Fix file push permissions
  • list: Query containers by batch of 10
  • Only re-balance on host network changes
  • list: Attempt to optimize the go routines slightly

Upgrade notes

  • This release breaks backward compatibility with older LXD versions. Please make sure all your clients and servers run the same version.
  • See notes above for changes to the REST API.

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.beta3 release announcement

18th of February 2016

The main changes for this release are

  • "lxc publish" can now be forced to publish running containers (it will temporarily stop them)
  • "lxc image list" now shows images sorted by description
  • Complete review of the REST API and update to make it all match the specification.
    • GET /1.0 now shows the "public" field
    • GET /1.0/certificates now returns a valid list of endpoints
    • GET /1.0/containers/NAME for performance reasons no longer returns the detailed container runtime status ("status" key), a separate query to /1.0/containers/NAME/state is now needed
    • GET /1.0/containers/NAME/logs now returns a valid list of endpoints
    • POST /1.0/containers/NAME/snapshots no longer requires the "stateful" field to be set (defaults to false)
    • POST /1.0/images now lets you override "properties" and "filename" for all supported input types
    • GET /1.0/images/aliases/NAME now returns valid data (the "name" and "target" fields were swapped)
    • POST /1.0/images/aliases/NAME has been implemented
    • PUT /1.0/images/aliases/NAME has been implemented
    • GET /1.0/images/FINGERPRINT no longer shows an empty "target" field for aliases
    • GET /1.0/networks/NAME has been re-designed
    • GET /1.0/operations/UUID/wait?timeout=X now actually times out
    • POST /1.0/profiles/NAME has been implemented
    • All timestamps are now RFC3339 strings and consistently named (created_at, updated_at, expires_at, uploaded_at)
    • Synchronous replies no longer contain an empty "operation" field
  • Extra security now applies for cross-server communication:
    • Unless a certificate is passed along with the query, the following operations now require the remote certificate to be valid according to the system CA:
      • Container creation from migration (copy, move & live migration)
      • Container creation from remote image
      • Image copy from other LXD server
      • Image import from https
    • The command client will automatically set the necessary "certificate" field for you for those requests
  • Starting with this release, Go 1.3 is no longer supported by LXD.
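
The trust rule from the "Extra security" item above, sketched as a Go TLS client policy. This is an added example, not LXD's own code: remoteTLSConfig, fetch and demo are hypothetical names, and the remote is a throwaway local HTTPS server with a self-signed certificate constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// remoteTLSConfig (hypothetical helper) builds the client-side policy for
// talking to another server:
//   - pinnedDER == nil: no certificate came with the request, so the remote
//     must present a chain that validates against the system CA store.
//   - pinnedDER != nil: the remote's leaf certificate must be byte-identical
//     to the DER certificate that was passed along with the request.
func remoteTLSConfig(pinnedDER []byte) *tls.Config {
	if pinnedDER == nil {
		// Default Go behaviour: full chain and hostname verification.
		return &tls.Config{MinVersion: tls.VersionTLS12}
	}
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		// Chain building is switched off only because the exact-match
		// check below replaces it; never set this without such a check.
		InsecureSkipVerify: true,
		// VerifyConnection runs on every handshake, resumed ones included.
		VerifyConnection: func(cs tls.ConnectionState) error {
			if len(cs.PeerCertificates) == 0 {
				return errors.New("remote presented no certificate")
			}
			if !bytes.Equal(cs.PeerCertificates[0].Raw, pinnedDER) {
				return errors.New("remote certificate does not match the one passed with the request")
			}
			return nil
		},
	}
}

// fetch performs one GET against url under the policy selected by pinnedDER.
func fetch(url string, pinnedDER []byte) error {
	client := &http.Client{
		Timeout: 5 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig:   remoteTLSConfig(pinnedDER),
			DisableKeepAlives: true, // one handshake per call, no reuse
		},
	}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("unexpected status %s", resp.Status)
	}
	return nil
}

// demo runs the three cases against a constructed local server whose
// certificate is self-signed, i.e. unknown to the system CA store.
func demo() (systemCAErr, pinnedErr, wrongPinErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) {
			fmt.Fprintln(w, "constructed image payload")
		}))
	defer srv.Close()

	good := srv.Certificate().Raw
	// A certificate that differs by a single byte must be rejected.
	bad := append([]byte(nil), good...)
	bad[len(bad)-1] ^= 0xff

	systemCAErr = fetch(srv.URL, nil)  // no certificate passed: system CA applies
	pinnedErr = fetch(srv.URL, good)   // matching certificate passed
	wrongPinErr = fetch(srv.URL, bad)  // non-matching certificate passed
	return
}

func main() {
	sys, pinned, wrong := demo()
	fmt.Println("system CA only:   ", sys)
	fmt.Println("matching pin:     ", pinned)
	fmt.Println("non-matching pin: ", wrong)
}
```

Only the matching-certificate case succeeds; a self-signed remote is refused both when no certificate is supplied and when the supplied one differs.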

Bugfixes

  • Fix invalid container name in lxc file
  • tests: Add test for aliases with slashes
  • Fix updating ephemeral and architecture flags
  • Clarify publish error message a bit
  • Fix interacting with aliases with a trailing slash
  • specs: Update rest-api to match reality
  • Don't move the image into place until it's been parsed
  • Make sure we always use the right dialer and proxy
  • specs: Fix wrong key name
  • Fix lxc file on Windows
  • Fix broken DB migration when upgrading from LXD 0.27 or older
  • Avoid global variables in client tool
  • Fix errors due to early failure to connect
  • Always export the file size on transfer
  • Fixed some typos
  • lxd-images: Register atexit at init time
  • specs: Update storage spec for btrfs send/receive
  • Use upstream go-systemd (this breaks backward compatibility with Go 1.3)

Upgrade notes

  • This release breaks backward compatibility with older LXD versions. Please make sure all your clients and servers run the same version.
  • See notes above for changes to the REST API and security policies.

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.beta2 release announcement

10th of February 2016

The main changes for this release are

  • /dev/console has been re-enabled
  • The btrfs backend now supports optimized container transfer (send/receive)
  • Source file ownership and permissions are conserved by default on "lxc file push"
  • Both "lxc list" and "lxc image list" now accept regular expressions as filter
  • lxc info now shows the container creation date (if known), the list of profiles and detailed snapshot information
  • Recursive aliases are now supported in the client (e.g. "delete: delete -f")
  • "lxc delete" now requires a "-f/--force" flag when run against a running container
  • "lxc delete" now has a -i option to always request user confirmation on delete

Bugfixes

  • Fix building LXD on arm64
  • Fix "make dist" for new version numbers
  • specs: Re-sync database spec with reality
  • Fail when unsetting a key that's not currently set
  • Remove backward compatibility code
  • Fix copying snapshot as new container root
  • Fix failure to stop snapshots on migration failure
  • Fix migration of snapshots using rsync
  • Implement migration fallback to rsync
  • Change ShiftIfNecessary to shift on startup
  • make i18n for profiles output in info
  • reduce verbiage to fit help text more efficiently
  • Make blkio limits more robust
  • add eth0 "name" to the default profile
  • only print profile applied message on success
  • init: Attempt to modprobe the zfs module
  • init: Use zpool create -f to work on unformatted disks
  • init: Improve detection of available backends
  • zfs: Fix cross-backend copies
  • fix stresstest.sh to use byte suffix for limits.memory
  • fix command-line-user-experience examples of limits.memory to include byte suffix

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 2.0.0.beta1 release announcement

26th of January 2016

The main changes for this release are

  • "lxc config edit" now works to edit the local server configuration
  • Add support for block I/O limits
  • Add support for network I/O limits

Bugfixes

  • error out on deleting nonexistent alias
  • Fix LXC config rendering
  • Improve detection of text editor
  • Fix "lxc file edit"
  • Add network limits
  • Fix IPv6 handling in daemon code
  • Update specs and documentation on file pull/push
  • Better deal with broken LXC
  • Update README to avoid setting a mountpoint for zfs
  • Print message on successful copy of image
  • Fix small typo s/sucessfully/successfully
  • Improve forkstart debugging
  • Always call Rename() when not migrating
  • Use a tempfile for image uploads
  • report errors if the restore call's start command fails
  • Truncate the target on file transfer
  • Mention that raw keys are risky
  • Allow writes to /dev/tty in privileged containers
  • implement stateful snapshot restore
  • don't fail to delete when deleting snapshots fails

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 0.27 release announcement

19th of January 2016

The main changes for this release are

  • Support for container disk quota (zfs and btrfs only)
  • Download progress during image copy and container launch
  • Initial work on a LXC to LXD script (supports almost every configuration except for unprivileged containers)
  • New linux.kernel_modules container property (list of modules to load before starting the container)
  • New core.https_allowed_origin server property (controls the Access-Control-Allow-Origin header)
  • Profile changes are now live-applied to all affected containers
  • "lxc config edit" now works against servers too
  • Changes to security.nesting are now live-applied
  • Support for xfs with the lvm backend
  • "lxc image list" now supports filtering (by name, hash and properties)
  • Improved bash completion profile
  • The default remote is now visible in "lxc remote list"
  • "lxc info" now indicates whether a container is ephemeral or persistent
  • Various improvements to help messages

Bugfixes

  • Set a default http timeout of 10s
  • Don't crash during publish when metadata.yaml is missing
  • Improve error reporting during migration
  • Improve error reporting during copy
  • Make sure containers are only removed from the database once removed from disk
  • Make sure images are only removed from the database once removed from disk
  • Fix LVM backend on LVM > 2.02.99
  • Improve DB performance when under heavy load
  • Correctly uidshift unprivileged CRIU images
  • Fix a race in forkmigrate
  • Fix race condition in event interface
  • Fix screen corruption when lxd-images hits an error
  • Don't ignore provided devices at create time
  • Fix web server to support all URLs with and without trailing slash
  • Make it possible to unset the zfs pool
  • lxd-setup-lvm-storage: Add default size of 10G
  • api: {Save|Load}Config should take a path as an argument
  • Fix automatically adding veth interface to the host bridge
  • Fix unsetting zfs pool when snapshots used to exist

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 0.26 release announcement

4th of January 2016

The main changes for this release are

  • New "host_name" network interface property that specifies the name of the host side veth device
  • It is now possible to pull/push/edit files of a stopped container
  • It's now possible to specify what "lxc list" columns to show (including a new PID column)

Bugfixes

  • Properly inherit the active CPU map rather than assuming all CPUs are usable
  • zfs: Fix a couple of race conditions
  • lvm: Fix creation of container from an image
  • Cut down network round trips in half by not calling Finger() every time
  • Fix invalid permissions on container shmounts and devices directories
  • Fix container teardown not always cleaning up devices & mounts
  • Improve performance of host-triggered container stop/restart (5s faster)
  • Make lxd callhook timeout after 30s (instead of hanging indefinitely on failure)
  • Cleanup and document the testsuite
  • Fix remote certificate handling on add/rename/remove

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 0.25 release announcement

21st of December 2015

The main changes for this release are

  • New --mode argument to "lxc exec", makes it possible to force non-interactive mode.
  • Full support of the s390x architecture (IBM z/series 64bit)
  • Command aliases can now move the command arguments by using the @ARGS@ keyword
  • Full support for CPU limits (defaults to all CPUs, maximum priority and no time limit):
    • limits.cpu: Number of CPUs (e.g. 2) or range of cores (e.g. 0,2-3)
    • limits.cpu.allowance: Percentage of CPU time under load (e.g. 50%) or hard time limit (10ms/50ms)
    • limits.cpu.priority: Container priority when host is under load as a value between 1 (lowest) and 10 (highest) (e.g. 5)
  • Full support for memory limits (defaults to all memory, hard enforcement, swap enabled and maximum priority):
    • limits.memory: Limit in bytes (kB, MB, GB, TB, PB, EB suffixes supported) (e.g. 256MB) or in percentage of the host memory (e.g. 20%)
    • limits.memory.enforce: hard (container cannot use more memory than allocated) or soft (limit only applies under load)
    • limits.memory.swap: true or false, indicates whether the container may use the swap
    • limits.memory.swap.priority: Priority for swap usage, from 1 to 10, with 1 causing the most data to be swapped out to disk
  • All CPU and memory limits are now applied live.
  • Support for optimized (send/receive) ZFS container & snapshot migration

Bugfixes

  • Fix a variety of storage race conditions as identified by new tests
  • lxd-images: Give clearer error messages
  • Fix image expiry logic
  • Refactor logging code
  • Fix migration code to be spec-compliant
  • Detect available CGroup controllers
  • zfs: Prevent restoring from old (not latest) snapshots
  • Report clearer errors when adding devices to containers
  • zfs: Fix container rename
  • lvm: Fix container rename
  • lvm: Workaround failure on older LVM versions
  • lvm: Hide fdleak messages
  • Move some directories around for consistency
  • exec: lock fds map for exclusive writes
  • lvm: Fix snapshot rename handling
  • lvm: Fix container snapshot migration
  • Fix container DB cleanup (leftover records)
  • Fix image cleanup (leftover records)
  • Use the host architecture when container arch == 0
  • Do config & device validation upstream
  • Cleanup DB leftovers
  • Return a clear error message when an image already exists
  • Only return remote_cache_expiry if set
  • Flush volatile when they don't apply

Testsuite

  • The testsuite can now be run with all storage backends
  • Several race conditions have been eliminated
  • The testsuite now checks that the filesystem structure is clean
  • The testsuite now checks that the database tables are clean
  • Fix a couple of tests whose failure was being ignored
  • Dramatically speed up testsuite by using --force-local
  • Use shutdown and waitready commands

Upgrade notes

  • limits.memory suffixes are now kB, MB, GB, TB, EB and PB. Old suffixes are upgraded as a one-time operation on the next LXD startup.
  • The migrate REST API call now takes a https URL to the source operation rather than a wss URL to the secrets. This was changed to match the specification.

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 0.24 release announcement

8th of December 2015

The main changes for this release are

  • Support for macvlan network interfaces
  • Support for physical network interfaces
  • Support for building on s390x
  • Snapshots are now transferred along with their parent container on copy/move
  • A CPU scheduler for limits.cpu has been implemented
  • "lxc config unset/set" now works against a remote server

Bugfixes

  • Improved IP rendering in "lxc list"
  • Fix apparmor handling in nested containers
  • Fix various hangs and failures during device hotplug
  • Image publishing from a snapshot now produces the exact same output every time
  • Fix publishing of snapshots
  • Fix our translation layer by switching to an alternative gettext implementation
  • Switch UUID implementation to an alternative implementation
  • Drop migratable profile (current CRIU can migrate a standard container)
  • Create missing directories when mounting a disk into a container
  • Serialize image creation (reduces overall load)
  • Various ZFS bugfixes (load kernel module when missing, re-try destroys and better handle mounts)
  • Completely rework the LXC container driver to be simpler and more reliable
  • Prevent setting volatile keys on profiles
  • Automatically cleanup stale volatile keys
  • Fix launching un-named (randomly named) containers

Upgrade notes

  • Older lxc clients will hang on exec against a newer server; make sure to update the client.
  • limits.cpus is now called limits.cpu; a one-time migration is done at LXD startup.

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 0.23 release announcement

24th of November 2015

The main changes for this release are

  • A new "lxd init" command is available to help set up storage, network and password on new LXD installations
  • Log messages are now sent over the events API
  • New process count metric available in the containers API and in "lxc info"
  • Console color support on Windows
  • Rewritten operations handling, now includes events for each change and includes download status
  • "lxc image import" can now take the URL to an https webserver advertising a LXD image through HTTP headers
  • The minimal HTTP proxy shipped by LXD has been rewritten to be even lighter

Bugfixes

  • "lxc config get <server-config-key>" now works as expected
  • lxd-images: Much lower memory usage when importing an image
  • More readable log entries over the events API
  • Event filtering in "lxc monitor" now works properly
  • Container architectures are now properly tracked
  • LXD now ensures that published containers will always have metadata in their image
  • Container copy now copies devices and config properly
  • Image import failures now result in proper error messages
  • "lxc info --show-log" is now also suggested on "lxc launch" failures

Upgrade notes

Users of the operations API may have to update their code to suit the new operation code. The new implementation is now specification-compliant, meaning that all operation queries always return a full operation object wrapped in an Async reply and with operation-specific properties inside the metadata.

The "lxc" client was updated to be backward compatible when possible.

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 0.22 release announcement

10th of November 2015

The main changes for this release are

  • Freeze containers before killing them (helps with fork bombs)
  • Configurable image compression algorithm (also supports no compression)
  • Support using an HTTP proxy when downloading a remote image
  • Initial implementation of the events interface and minimal client for it (lxc monitor)

Bugfixes

  • Don't remove the main LXD socket when starting a second daemon
  • On failure to add a remote, cleanup the cached certificate
  • LXD no longer requires a client certificate to talk to public endpoints
  • Better error and debug messages for checkpoint/restore and container startup
  • Fixed a race condition during container startup
  • Update the busybox test image to avoid an occasional hang
  • lvm-setup: Update to work on older Ubuntu releases
  • Fix extraction of bz2 compressed images
  • Fix a number of fd leaks
  • Fix shmount handling to avoid creating an extra mount every time LXD starts
  • lxd-images: Fallback to the daily stream if an image can't be found in the releases stream
  • Fix a uid/gid mapping issue on container copy
  • Fix a LXD hang on invalid LXC configuration key

Upgrade notes

This LXD version corrects a problem in the implementation of the images API. As a result, some actions against older servers or using older clients may fail.

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

LXD 0.21 release announcement

27th of October 2015

The main changes for this release are:

  • Client is now buildable on Windows.
  • Default LVM volume size has been reduced to 10GB.
  • Command aliases can be set up in the client.
  • "lxc info" now prints server information too.
  • It's now possible to use a nested LXD on btrfs storage.

Additionally:

  • Various storage backend fixes
  • Better error handling and error reporting
  • A lot of bugfixes (no known bugs left at time of release)

Downloads

The release tarballs can be found on our download page.

LXD 0.20 release announcement

14th of October 2015

The main changes for this release are:

  • Container restart is now implemented as stop + start (reloads all config)
  • Config key=value can now be passed at launch time using --config/-c
  • A new "pause" command is now available to temporarily freeze a container
  • Cached images are now private by default
  • You can now publish a remote container into the local image store
  • It is now possible to add character or block devices to a container
  • The image size is now shown in the image list

Additionally:

  • Various storage backend fixes
  • Better error handling and error reporting
  • Improved testsuite
  • A lot of bugfixes (no known bugs left at time of release)

Downloads

The release tarballs can be found on our download page.

LXD 0.19 release announcement

29th of September 2015

The main changes for this release are:

  • ZFS support
  • Support for container nesting
  • Allow setting multi-line configuration keys by reading from stdin (using "-" as the value)
  • It's now possible to make an ephemeral copy of a container (-e/--ephemeral flag)
  • Public read-only servers are now auto-detected (no more --public needed)
  • lxd-images now supports updating existing images (when using the --sync flag)
  • It is now possible to mark/unmark images as public (through the edit command)

Additionally:

  • A completely reworked testsuite
  • Some refactoring in preparation for a Windows client
  • Updated documentation and specifications
  • A lot of bugfixes (no known bugs left at time of release)

Note that due to an API implementation problem in past releases, older command line clients will fail to interact with LXD 0.19's image store. Such clients should be upgraded to 0.19.

Downloads

The release tarballs can be found on our download page.

LXD 0.18 release announcement

15th of September 2015

The main changes for this release are:

  • lxc: Add a new --force-local argument
  • lxc: Allow file push/pull using stdin/stdout
  • lxc: Rework translation template
  • lxd/core: Fix image creation of privileged containers
  • lxd/core: implement per-container apparmor profiles
  • lxd/core: implement per-container seccomp profiles
  • lxd/core: Fix socket-activation on exit
  • lxd/core: Add support for nested LXD
  • lxd/btrfs: Fix shared mount detection on btrfs
  • lxd: Implement new "shutdown" sub-command
  • lxd: Implement new "activateifneeded" sub-command
  • scripts: Add script to set up and delete LVM storage
  • A bunch more fixes, tests and other improvements

Downloads

The release tarballs can be found on our download page.

LXD 0.17 release announcement

1st of September 2015

The main changes for this release are:

  • lxc: Add a new "lxc file edit" command
  • lxc: Add support for public remotes
  • lxc: Support adding a remote by its IPv6 address
  • lxd/core: Fix building with Go 1.5
  • lxd/core: Allow renaming snapshots
  • lxd/core: Add a new /logs REST API to containers
  • lxd/core: Export the storage backend name and version
  • lxd/btrfs: Support for recursive subvolume snapshot and removal
  • lxd/lvm: Add snapshot support
  • lxd/lvm: Add container copy support
  • lxd/lvm: Add container rename support
  • lxd/lvm: Disallow changing LVM config if pool is in use.
  • lxd/lvm: Document LVM config keys in specs
  • lxd-images: Deprecate "lxd images import lxc"
  • lxd-images: Print the manifest URL
  • lxd-images: Default to the "releases" stream for Ubuntu images
  • vagrant: Support running in vmware
  • A bunch more fixes, tests and other improvements

Note that as of this release, the use of "lxd-images import lxc" is deprecated in favor of using the images.linuxcontainers.org remote.

For example:

lxd-images import lxc centos 7 amd64 --alias centos
lxc launch centos my-container

Now becomes:

lxc remote add images images.linuxcontainers.org    # one-time setup
lxc launch images:centos/7/amd64 my-container

Downloads

The release tarballs can be found on our download page.

LXD 0.16 release announcement

18th of August 2015

The main changes for this release are:

  • Added container auto-start support, includes start delay and start ordering
  • Support copying container and images from a local (unix socket) to a remote (https) daemon
  • Remap the unprivileged containers when transferring between hosts with differing allocations
  • Remap existing containers when their idmap changes or when they're switched between privileged and unprivileged
  • The EDITOR variable is now properly respected
  • When starting a container from a remote image, the cached image now expires
  • New --public flag added to lxd-images
  • Allow --stateful snapshots
  • And a lot of bugfixes, performance and test improvements

Downloads

The release tarballs can be found on our download page.

LXD 0.15 release announcement

4th of August 2015

The main changes for this release are:

  • Added storage and network hotplug
  • Improved logging
  • Improved LVM and btrfs backend
  • /dev/lxd now works with gccgo
  • Added new environment.* configuration namespace to set environment variables inside the container
  • Init and launch now print the container name
  • lxd-images now defaults to Ubuntu 14.04 LTS
  • --tcp has now been replaced by the core.https_address config option
  • Improved LVM and btrfs support
  • Add some LXD speed tests
  • New "make client" target to only build the LXD client (use this for MacOS X)
  • Introduce new scripts and http proxy code for a lxdbr0 bridge
  • Rework internal storage representation
  • Rework internal container representation
  • Rework internal database representation
  • Various testsuite improvements
  • A lot more bugfixes and other small improvements

This release moves containers from /var/lib/lxd/lxc to /var/lib/lxd/containers and snapshots from /var/lib/lxd/lxc/<name>/snapshots to /var/lib/lxd/snapshots/<name>. To do so, LXD will stop all containers on the next startup, then start them again after moving everything to the new location.

The --tcp daemon option has been replaced by the core.https_address option allowing users to change the address and port LXD binds to. Changes are now applied immediately.

Downloads

The release tarballs can be found on our download page.

LXD 0.14 release announcement

21st of July 2015

The main changes for this release are:

  • Improve command line help
  • Improve LVM backend (only mount/umount storage while the container is running, ...)
  • Rework certificate handling (user interface, generation and recursive query support)
  • Fix a publish bug that would lead to invalid images
  • Fix IPv6 support of container copy/migration
  • New logging code (syslog support, logfile support and log levels)
  • Implement support for "split" images (separate metadata and rootfs)
  • Add download progress tracking to lxd-images
  • Detect and report architecture mismatches
  • Direct image copy between servers is now supported
  • /dev/lxd now supports the meta-data interface
  • Ubuntu cloud images may now be imported using lxd-images
  • Other code improvements (golint, refactoring, compression handling, tests, ...)

This is the first LXD release to support the official Ubuntu Cloud images. At this time, those are only available for the current development release (wily) but we hope to have images for all supported Ubuntu releases over the next few days.

To import one of those images into your LXD image store, run:

lxd-images import ubuntu --alias ubuntu-cloud

Downloads

The release tarballs can be found on our download page.

LXD 0.13 release announcement

7th of July 2015

The main changes for this release are:

  • Add support for LVM thin pools as a storage backend.
  • Add basic bash completion
  • Implement the "publish" command, turning a container into an image
  • Improve file push/pull reliability
  • Make it possible to start/stop/restart/delete multiple containers at once
  • Fix build under gccgo (currently disabling /dev/lxd in such case)
  • Improve btrfs performance during container copy
  • A lot of other bugfixes, minor improvements and cleanups

This is the first release of LXD where the client may be built on operating systems other than Linux. At the moment, MacOS X has been confirmed to work and Windows is known not to work; other Unix systems may work too but haven't been tested.

Downloads

The release tarballs can be found on our download page.

LXD 0.12 release announcement

23rd of June 2015

The main changes for this release are:

  • Implement /dev/lxd
  • Fix initial console size on exec
  • Reduce memory footprint of migration
  • Use user readable date strings in the API
  • Allow unset for server config keys
  • Fix various race conditions with exec
  • Switch to a pure-go gettext implementation
  • Set proper Content-Type on all replies
  • Show the host veth device in info
  • Some changes to better support Snappy Ubuntu
  • Various other bugfixes
  • Improve help messages
  • Improve testsuite
  • Initial German translation

Downloads

The release tarballs can be found on our download page.

LXD 0.11 release announcement

9th of June 2015

The main changes for this release are:

  • File templating support in images
  • Socket activation with Systemd
  • Support for clean shutdown and container restart on startup
  • Implement "lxc image show"
  • Implement SIGWINCH support in exec (terminal resize event)
  • Make all configuration keys spec-compliant
  • Fix "lxc image edit"
  • Allow running the testsuite without any outside connectivity
  • Improve testsuite output to be more readable
  • And the usual set of bugfixes.

NOTE: The key to set a server password is now core.trust_password. On first startup of LXD 0.11, all the old supported names will be converted to the official one.

Downloads

The release tarballs can be found on our download page.

LXD 0.10 release announcement

26th of May 2015

The main changes for this release are:

  • Implemented snapshot restore
  • New --accept-certificate flag to lxc remote add
  • New --password flag to lxc remote add
  • Added "lxc profile device show" and "lxc config device show"
  • "lxc config show" and "lxc config set" now work for server configuration
  • lxc profile edit and lxc config edit now accept configuration on stdin
  • Added recursion support to /1.0/images/aliases API
  • Added recursion support to /1.0/containers/{name}/snapshots API
  • The command line client no longer depends on go-lxc
  • Re-worked uid/gid allocation and uid/gid shifting
  • Improved help and usage
  • Improved lxc list rendering
  • Improved lxc profile show and lxc config show
  • Improved debug messages
  • The LXD version is now exported on /1.0
  • Improved README
  • SSL certificates now expire after 10 years
  • Various test improvements and bugfixes

Downloads

The release tarballs can be found on our download page.

LXD 0.9 release announcement

12th of May 2015

The main changes for this release are:

  • Fixed memory and file descriptor leaks (and added extra tests for those)
  • Fallback to chmod when setfacl fails (filesystem without ACL support)
  • Fixed container logging and made it available through lxc info (--show-log)
  • Setup the right uid/gid map for privileged containers
  • Report invalid configuration in "lxc config edit" and "lxc profile edit"
  • Improved the first use experience and the profile/config examples
  • Rename "lxc config profile *" to "lxc profile *" (old syntax is still supported)
  • More reliable database handling
  • Container copies get a new MAC address
  • USER is now set in the container environment (on exec)
  • Track the image used to build the container and use this to optimize copy/migration
  • Improved database testing
  • Fixed pts device ownership on exec
  • Fixed raw.lxc being applied too early (resulted in broken lxc.network.script and others)
  • Better argument parsing in both lxc and lxd
  • Improved performance in container and network listing
  • Fixed certificate name conflicts in the trust database

Downloads

The release tarballs can be found on our download page.

LXD 0.8.1 release announcement

29th of April 2015

Bugfix-only release on top of 0.8, fixing some regressions:

  • Fix building on all architectures
  • Change the go-protobuf repository URL

Downloads

The release tarballs can be found on our download page.

LXD 0.8 release announcement

28th of April 2015

The major changes for this release are:

  • Fixed uid/gid in lxc file push
  • Respect PROXY environment variables
  • Fix database locking issues
  • Add more debugging options
  • Various fixes to ephemeral containers
  • Fix creating a new container from a snapshot
  • When available, use btrfs subvolumes for faster container creation

Downloads

The release tarballs can be found on our download page.

LXD 0.7 release announcement

14th of April 2015

The major changes for this release are:

  • Containers can now be started from a private image
  • Ephemeral containers are supported
  • Improved debugging
  • Some documentation updates
  • A few more minor fixes

Please note that it's still early in LXD development and that the current LXD isn't intended for production use and comes with no support statement from upstream (reported bugs and patches will be included in the next release).

Downloads

The release tarballs can be found on our download page.

LXD 0.6 release announcement

7th of April 2015

The major changes for this release are:

  • Added a vagrant configuration file
  • The container's MAC address is now persistent
  • Variety of fixes regarding remote servers handling
  • Recursive query support (massive speed improvement for image servers)
  • TLS now configured to only support strong ciphers
  • Support setting aliases at image import time
  • Improved test coverage
  • Improved error messages on the client
  • Fix privileged containers handling
  • LXD can now be built on powerpc
  • And a lot more bugfixes and tweaks

Please note that it's still early in LXD development and that the current LXD isn't intended for production use and comes with no support statement from upstream (reported bugs and patches will be included in the next release).

Downloads

The release tarballs can be found on our download page.

LXD 0.5 release announcement

24th of March 2015

The major changes for this release are:

  • IPv6 support for remote servers
  • Check if the remote server happens to have a certificate which is trusted by the system
  • Implemented "lxc image copy"
  • Improved remote handling (default configuration, support for https:// and unix:// and a bunch of convenient aliases)
  • API consistency for key/value storage (always exported as dictionaries)
  • Remote images can now be started by their long or short hash
  • Remote image properties are now properly mirrored in the local cache
  • A lot of database locking issues have been resolved

Please note that it's still early in LXD development and that the current LXD isn't intended for production use and comes with no support statement from upstream (reported bugs and patches will be included in the next release).

At this point, most core LXD features are present but many of the particular options aren't implemented yet (don't match our specifications). We expect to make great progress in supporting all of the expected options over the next couple of releases.

Downloads

The release tarballs can be found on our download page.

LXD 0.4 release announcement

17th of March 2015

The major changes for this release are:

  • Support for starting a container from a remote image
  • Support for copying/moving containers between hosts
  • Improved command line (listing, aliases, profiles, partial hashes, ...)
  • Improved error logging
  • API fixes to more closely match the spec
  • A lot of bugfixes

Please note that it's still early in LXD development and that the current LXD isn't intended for production use and comes with no support statement from upstream (reported bugs and patches will be included in the next release).

At this point, most core LXD features are present but many of the particular options aren't implemented yet (don't match our specifications). We expect to make great progress in supporting all of the expected options over the next couple of releases.

Downloads

The release tarballs can be found on our download page.

LXD 0.3 release announcement

10th of March 2015

The major changes for this release are:

  • lxd:
    • Reworked exec, now with separate interactive and non-interactive modes and proper support for escape sequences.
    • Improved image handling, now supporting more compression algorithms and support for image export.
    • Initial support of live migration (requires particular container configuration)
    • Initial support of container configuration and profiles
      • Support for disks and network interfaces
      • Support for creating/deleting/assigning profiles
    • Introduce a "default" profile which is applied to all new containers unless otherwise specified.
  • lxc:
    • Improved user experience for the various "list" commands
    • Improved info command, now showing PID and IP addresses
    • Implement the image info command, shows all image properties and aliases.
    • Early (partial) French translation as an example translation of LXD.
    • Support of the "edit" command for images and profiles.
  • lxd-images:
    • Now supports creating a minimal busybox image.
    • Vastly improved image imports from images.linuxcontainers.org by no longer requiring repacking.
    • Now working with python3.2
  • Testsuite:
    • Added tests for container configuration, profiles, devices, migration, exec and database.
    • Now running using a minimal busybox image, making it run in just a few seconds.
  • Many bugfixes

Please note that it's still early in LXD development and that the current LXD isn't intended for production use and comes with no support statement from upstream (reported bugs and patches will be included in the next release).

At this point, most core LXD features are present but many of the particular options aren't implemented yet (don't match our specifications). We expect to make great progress in supporting all of the expected options over the next couple of releases.

Downloads

The release tarballs can be found on our download page.

LXD 0.2 release announcement

27th of February 2015

The major changes for this release are:

  • Initial version of the built-in image store
    • All containers must now be created from images
    • Images can be imported into LXD by using the provided "lxd-images" tool
    • Image aliases can be set up to make it easier to find your images
  • Database backend (all LXD data is now stored in a SQLite database)
  • Early stage of container configuration (partial API only)
  • Support for building for many architectures through gcc-go (not all dependencies are compatible)
  • Reworked exec mechanism
  • A lot of bugfixes

Please note that it's still early in LXD development and that the current LXD isn't intended for production use and comes with no support statement from upstream (reported bugs and patches will be included in the next release).

We are still busy working on container migration, proper container configuration and a stable REST API.

Downloads

The release tarballs can be found on our download page.

LXD 0.1 release announcement

13th of February 2015

This is the initial LXD release.

With this first release of LXD, it is possible to:

  • List containers
  • Create, destroy, start, stop and execute commands in an Ubuntu 14.04 LTS amd64 container
  • Transfer files in and out of containers
  • Manage multiple LXD hosts through the lxc command line tool
  • Experiment with the LXD REST API

Support for other container images, container migration, container configuration and profiles and a stable REST API will be coming in the next few releases.

This release is our first development snapshot; it isn't intended for production use and comes with no support statement from upstream (reported bugs and patches will be included in the next release).

Downloads

The release tarballs can be found on our download page.